1.                        

Open Audit SQL Injection Vulnerability

'Exploit Shellcode Archive' forumunda KaliBot tarafından 6 Mart 2016 tarihinde açılan konu

  1. KaliBot

    KaliBot Albay

    Katılım:
    30 Haziran 2015
    Mesaj:
    509
    Beğeniler:
    23
    Ödül Puanları:
    2
    Web Sitesi:
    Kod:
    #Exploit Title      : Open Audit SQL Injection Vulnerability
    #Exploit Author  : Rahul Pratap Singh
    #Date                 : 2/Jan/2016
    #Home page Link  : https://github.com/jonabbey/open-audit
    #Website      : 0x62626262.wordpress.com
    #Twitter              : @0x62626262
    #Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
     
    1. Description
     
    "id" field in software_add_license.php is not properly sanitized, that
    leads to SQL Injection Vulnerability.
     
    "pc" field in delete_system.php, list_viewdef_software_for_system.php and
    system_export.php is not properly sanitized, that leads to SQL Injection
    Vulnerability.
     
     
    2. Vulnerable Code:
     
    software_add_license.php: ( line 12 to 13)
     
    $sql = "SELECT * from software_register WHERE software_reg_id = '" .
    $_GET["id"] . "'";
    $result = mysql_query($sql, $db);
     
     
    delete_system.php: ( line 5 to 10)
     
      if (isset($_GET['pc'])) {
     
        $link = mysql_connect($mysql_server, $mysql_user, $mysql_password) or
    die("Could not connect");
        mysql_select_db("$mysql_database") or die("Could not select database");
        $query = "select system_name from system where system_uuid='" .
    $_GET['pc'] . "'";
        $result = mysql_query($query)  or die("Query failed at retrieve system
    name stage.");
     
     
    list_viewdef_software_for_system.php: ( line 2 to 3)
     
    $sql = "SELECT system_os_type FROM system WHERE system_uuid = '" .
    $_REQUEST["pc"] . "'";
    $result = mysql_query($sql, $db);
     
     
    system_export.php: ( line 108 to 112)
     
    if(isset($_REQUEST["pc"]) AND $_REQUEST["pc"]!=""){
      $pc=$_REQUEST["pc"];
      $_GET["pc"]=$_REQUEST["pc"];
      $sql = "SELECT system_uuid, system_timestamp, system_name FROM system
    WHERE system_uuid = '$pc' OR system_name = '$pc' ";
      $result = mysql_query($sql, $db);
    #  0day.today [2016-03-06]  #
     

Bu Sayfayı Paylaş

Share