Mafia Moblog Full Path Disclosure / SQL injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1053209 漏洞类型
发布时间 2006-06-13 更新时间 2006-06-13
CVE编号 CVE-2006-2978
CVE-2006-2977
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2006060083
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Produce : Mafia Moblog

WebSite :http://mafia.pearlabs.org

Version : 6 Full and Prior

Discovred By :Moroccan Security Research Team (Simo64)

IMPACT  : Manipulation of data, System access

[+] Full Path Disclosure :

The problem is that it is possible to disclose the full path to 'big.php','upgrade.php' by accessing directly.

Exemple:

http://localhost/moblog/big.php

Result :

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/simo64/www/moblog/templates/match plus/big.php on line 54

[+] SQL Injection :

Input passed to 'img' parameters in 'big.php' is not properly sanitised

before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

[-] Vulnerable Code in 'templates/match plus/big.php' :

****************************

52  $query = "SELECT * FROM $table WHERE id=$img";

53  $result = mysql_query($query);

54  $row = mysql_fetch_row($result);

***************************

[-] Exploit : http://localhost//moblog/big.php?img=[SQL]&pg=1

[+]Contact : Simo64 (at) gmail (dot) com [email concealed] [Moroccan Security Team]