SQL injection
iScripts MultiCart 2.2 Multiple SQL Injection Vulnerability
Name iScripts MultiCart
Vendor http://www.iscripts.com
Versions Affected 2.2
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-03-07
eoCMS SQL injection vulnerability
1. General information
eoCMS is open source software which is used to develop Internet
forums (http://eocms.com/). On October 15, 2009, Bkis Security detected a
SQL injection vulnerability in some functions of eoCMS.
This is a critical vulnerability which allows a hacker to access the data
in the database and execute unauthorized tasks. Bkis has informed the
MOPS-2010-020: Xinha WYSIWYG Plugin Configuration Injection
Vulnerability - http://bit.ly/bLHmuS
MOPS-2010-019: Serendipity WYSIWYG Editor Plugin Configuration Injection
Vulnerability - http://bit.ly/cdxZHX
MOPS-2010-018: EFront ask_chat chatrooms_ID SQL Injection Vulnerability
- http://bit.ly/crEATq
MOPS-2010-011: DeluxeBB newthread SQL Injection Vulnerability -
http://bit.ly/aAFdMM
MOPS-2010-007: ClanTiger Shoutbox Module s_email SQL Injection
vulnerability - http://bit.ly/cbSJxo
#!/usr/bin/perl
#---------------------------------------------------------------------------
#(POST var 'rating') BLIND SQL INJECTION--microTopic v1 Initial Release-->
#---------------------------------------------------------------------------
#
#CMS INFORMATION:
#
#-->WEB: http://sourceforge.net/projects/microtopic/
#-->DOWNLOAD: http://sourceforge.net/projects/microtopic/
#-->DEMO: N/A
#!/usr/bin/perl
#--------------------------------------------------------------------------------
#(GET var 'member') BLIND SQL INJECTION EXPLOIT --FAMILY CONNECTIONS <= v1.9 -->
#--------------------------------------------------------------------------------
#
#CMS INFORMATION:
#
#-->WEB: http://www.familycms.com/index.php
#-->DOWNLOAD: http://www.familycms.com/download.php
#-->DEMO: http://www.familycms.com/demo/index.php
-----Original Message-----
From: y3nh4ck3r@gmail.com <y3nh4ck3r@gmail.com>
Sent: Monday, April 27, 2009 12:42 PM
To: bugtraq@securityfocus.com <bugtraq@securityfocus.com>
Subject: SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2-->
-------------------------------------------------
SQL INJECTION VULNERABILITY --EZ-blog Beta2-->
-------------------------------------------------
[+] Application: Family Connection
[+] Version: 1.8.1
[+] Website: http://www.familycms.com
[+] Bugs: [A] Multiple SQL Injection
[B] Create Admin User
[C] Blind SQL Injection
[+] Exploitation: Remote
[+] Date: 25 Mar 2009
Description
-----------
OpenSite is an Open Source Content Management System powered by PHP5 and MySQL 4 and is extremely simple and lightweight.
We have discovered six vulnerabilities in OpenSite from authentication bruteforce to SQL injection. Except the first vulnerability rated at critical severity, the rest is of low severity.
1. Weakened authentication.
The function ``init`` in ``origin/libs/user.php`` checks for a matching ``origin_hash`` cookie. However, this cookie can be bruteforced in at most 2^32 tries for a known username. In reality, the number of attempts could be greatly reduced knowing that we do not have to check for time in the future, and long past.
####################
2. Vulnerabilities:
####################
2.1. Absolute Live Support XE (ASP version 5.1) (admin)
2.1.1. SQL Injection in "search.asp" by "orderby" parameter.
POC:
http://[URL]/xlaabsolutels/search.asp?orderby=[SQL INJECTION]
2.1.2. XSS in "search.asp" (all fields are vulnerable).
POC:
# --==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
# --==+ StanWeb.CMS (default.asp id) Remote SQL Injection Exploit +==--
# --==+====================================================================================+==--
# [+] [JosS] + [Spanish Hackers Team] + [Sys - Project]
# [+] Info:
# [~] Software: StanWeb.CMS
# [~] Exploit: Remote SQL Injection [High]
# [~] Bug Found By: JosS | Jose Luis Góngora Fernández
[waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10
===============================================================================
Author: Janek Vind "waraxe"
Date: 16. January 2008
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-62.html
Biblioteca 1.0 Beta Joomla Component Multiple SQL Injection Vulnerabilities
Name Biblioteca
Vendor http://www.cielostellato.info
Versions Affected 1.0 Beta
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-08-21
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Cross site scripting [CWE-79], SQL injection [CWE-89]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2010-3266, CVE-2010-3267
Bugtraq ID: N/A
Vulnerability title: Sonexis ConferenceManager SQL Injection
Solutionary ID: SERT-VDN-1006
Solutionary disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-SQL-Injection.html
CVE ID: Pending
CVSS risk rating: 8
Product: Dolibarr
Vendor: Dolibarr foundation ( http://www.dolibarr.org/ )
Vulnerable Version: 3.1.0 RC and probably prior
Tested Version: 3.1.0 RC
Vendor Notification: 02 November 2011
Vulnerability Type: XSS, SQL Injection
Status: Fixed by Vendor
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
Previously discovered:
http://packetstormsecurity.org/0812-exploits/estore-sql.txt 856a5dc9cba52e892cbb54bd2e1a0a82 getaphpsite e-store suffers from a remote SQL injection vulnerability in SearchResults.php. Authored By ZoRLu (trt-turk[at]hotmail.com)
On Fri, Dec 11, 2009 at 05:50:54AM +0100, Salvatore Fresta aka Drosophila wrote:
> E-Store SQL Injection Vulnerability
>
> Name E-Store
> Vendor http://www.getaphpsite.com
>
#
#CMS VULNERABILITY:
#
#-->TESTED ON: firefox 3
#-->DORK: N/A
#-->CATEGORY: BLIND SQL INJECTION EXPLOIT
#-->AFFECT VERSION: CURRENT
#-->Discovered Bug date: 2009-06-02
#-->Reported Bug date: 2009-06-02
#-->Fixed bug date: Not fixed
#-->Info patch: Not fixed
RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities
Vulnerable: v3.0.7.x
Vendor: www.rj-itop.com
Category: Input Validation Error
Impact: SQL injection
Details:
####################
- Vulnerability:
####################
+--> MS SQL Server 2005 SQL Injection
+--/-- 1>
There is an SQL Injection vulnerability in the site search module.
The code can be found in the "<SRC_DIR>/BlazeApps/Usercontrols/Search.ascx" file.
Submitting search criteria will cause subroutine "uxSubmitButton_Click"
in the file "<SRC_DIR>/BlazeApps/Usercontrols/Search.ascx.vb" to be executed.
It is the 21st of May. The Month of PHP Security
(http://www.php-security.org) is still running and we have reached a
vulnerability count of 40 vulnerabilities, which is nearly as many as we
disclosed during the whole Month of PHP Bugs in 2007. However, there are
11 more days until the end of May and therefore there are still plenty
more vulnerabilities to come. Especially the number of SQL injection
vulnerabilities in PHP applications will increase, because it is called
SQL injection marathon for a reason. And we also have several articles
and submissions left.
There have been some changes to the website that should make it easier
[waraxe-2007-SA#055] - Sql Injection in SiteX CMS 0.7.3 Beta
====================================================================
Author: Janek Vind "waraxe"
Date: 27. September 2007
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-55.html
Product: SQL-Ledger – an open source double entry accounting/ERP system
Website: http://www.sql-ledger.org
Vulnerabilities:
- no Cross-Site-Request-Forgery (XSRF) protection
- persistent cross site scripting
- SQL injections
- local file include
- secure cookie flag not set
Class: remote
Status: unpatched
Severity: moderate
[waraxe-2008-SA#068] - Sql Injection in vBulletin 3.7.3.pl1
===============================================================================
Author: Janek Vind "waraxe"
Date: 17. November 2008
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-68.html
Core Security Technologies - CoreLabs
Advisory
http://corelabs.coresecurity.com/
SQL Injection in CubeCart PHP Free & Commercial Shopping Cart Application
1. *Advisory Information*
Title: SQL Injection in CubeCart PHP Free & Commercial Shopping Cart
Bonsai Information Security - Advisory
http://www.bonsai-sec.com/research/
SQL Injection in Achievo
1. *Advisory Information*
Title: SQL Injection in Achievo
Advisory ID: BONSAI-2009-0102
#** **
#***********************************************************************************************
#***********************************************************************************************
#
#---------------------------------------------------------------------------------------------
#| (GET var 'name') BLIND SQL INJECTION EXPLOIT |
#|-------------------------------------------------------------------------------------------|
#| | FretsWeb 1.2 | |
#| CMS INFORMATION: ------------------------ |
#| |
#|-->WEB: http://sourceforge.net/projects/fretsweb/ |
#!/usr/bin/python
#----------------------------------------------------------------
#(GET var 'name') BLIND SQL INJECTION EXPLOIT --FretsWeb 1.2-->
#----------------------------------------------------------------
#
#CMS INFORMATION:
#
#-->WEB: http://sourceforge.net/projects/fretsweb/
#-->DOWNLOAD: http://sourceforge.net/projects/fretsweb/
#-->DEMO: N/A
Bonsai Information Security - Advisory
http://www.bonsai-sec.com/research/
SQL Injection in CS-Cart
1. *Advisory Information*
Title: SQL Injection in CS-Cart
Advisory ID: BONSAI-2009-0100
21.07.2009 - disclosed at my site.
-----------------------------
Details:
These are Insufficient Authentication, Cross-Site Scripting and SQL
Injection vulnerabilities.
Insufficient Authentication:
http://site/xampp/
#!/usr/bin/perl
#####################################################################################
#### EasyNews-40tr ####
#### Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI) ####
#####################################################################################
# #
#Discovered by : IRCRASH By Dr.Crash #
#Exploited By : Dr.Crash #
#IRCRASH Team Members : Dr.Crash - Malc0de - R3d.w0rm #
# #