VBook 'Index.PHP' SQL Injection Vulnerability

Vulnerability ID: 1195547
Vulnerability type: SQL injection
Published: 2006-03-30
Updated: 2006-04-11
CVE ID: CVE-2006-1561
CNNVD ID: CNNVD-200603-537
Platform: N/A
CVSS score: 5.1
|Sources
https://www.securityfocus.com/bid/17320
https://cxsecurity.com/issue/WLB-2006040031
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200603-537
|Details
An SQL injection vulnerability exists in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0. Remote attackers can execute arbitrary SQL commands via the x parameter.
|Exploit
New eVuln Advisory:
[V]Book Multiple Vulnerabilities
http://evuln.com/vulns/111/summary.html

--------------------Summary----------------
eVuln ID: EV0111
CVE: CVE-2006-1561 CVE-2006-1562 CVE-2006-1563
Software: [V]Book
Software's Web Site: http://www.vscripts.pl/?id=vbook2
Versions: 2.0
Critical Level: Dangerous
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched. No reply from developer(s)
PoC/Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
1. SQL Injection.

Vulnerable script: index.php

Parameter x is not properly sanitized before being used in an SQL query. This can be used to evaluate arbitrary SQL expressions.

Condition: magic_quotes_gpc = off

2. Multiple Cross-Site Scripting.

Vulnerable Script: index.php

Parameters autor, www, temat, tresc are not properly sanitized. This can be used to post arbitrary HTML or web script code.

3. PHP Code Insertion.

The administrator has the ability to edit variable values in the config.php file. This can be used to insert arbitrary PHP code into the config file, which is executed by every PHP script.

System access is possible.

Condition: magic_quotes_gpc = off

--------------PoC/Exploit----------------------
Available at: http://evuln.com/vulns/111/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
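As an added example (not VBook's code and not part of the eVuln advisory above), the following PHP shows each of the three weakness classes the advisory describes as the unsafe pattern beside a hardened alternative: the unsanitized x parameter reaching an SQL query, the autor/www/temat/tresc fields reaching HTML without encoding, and admin-supplied values being spliced into config.php as source. The database handle, the table and column names, and the config keys are assumptions.

```php
<?php
// Added example, not VBook's code. Table "wpisy", its columns and the
// config keys are assumed for illustration.

// 1. SQL injection. The advisory notes the bug needs magic_quotes_gpc = off;
//    relying on magic_quotes is not a fix (it was removed in PHP 5.4).
function find_entry_unsafe(PDO $pdo, string $x): ?array {
    // Unsafe: $x is interpolated straight into the SQL text.
    $sql = "SELECT id, autor, www, temat, tresc FROM wpisy WHERE id = " . $x;
    $res = $pdo->query($sql);
    $row = $res ? $res->fetch(PDO::FETCH_ASSOC) : false;
    return $row === false ? null : $row;
}

function find_entry_safe(PDO $pdo, string $x): ?array {
    // Hardened: validate as an integer and bind it as a parameter, so the
    // value can never change the shape of the statement.
    $id = filter_var($x, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare(
        "SELECT id, autor, www, temat, tresc FROM wpisy WHERE id = :id"
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 2. Stored XSS via autor/www/temat/tresc: encode every value on output
//    for the context it lands in (HTML body / attribute here), and only
//    accept http(s) URLs for the link.
function render_entry(array $row): string {
    $h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $www  = (string) ($row['www'] ?? '');
    $link = preg_match('~^https?://~i', $www)
        ? '<a href="' . $h($www) . '" rel="nofollow">' . $h($www) . '</a>'
        : '';
    return '<div class="entry">'
         . '<b>' . $h((string) ($row['autor'] ?? '')) . '</b> ' . $link
         . '<h3>' . $h((string) ($row['temat'] ?? '')) . '</h3>'
         . '<p>' . nl2br($h((string) ($row['tresc'] ?? ''))) . '</p>'
         . '</div>';
}

// 3. PHP code insertion through the config editor: never splice admin
//    input into a PHP source file as text. Keep an allow-list of keys and
//    serialise the values with var_export(), which quotes and escapes
//    strings so they are parsed as data, not code.
function write_config_safe(string $path, array $values): void {
    $allowed = ['title', 'per_page', 'admin_email'];   // assumed keys
    $clean = [];
    foreach ($allowed as $k) {
        if (array_key_exists($k, $values)) {
            $clean[$k] = is_int($values[$k]) ? $values[$k] : (string) $values[$k];
        }
    }
    $src = "<?php\nreturn " . var_export($clean, true) . ";\n";
    // Write to a temp file and rename so a half-written config is never
    // included by a concurrent request.
    $tmp = $path . '.tmp';
    if (file_put_contents($tmp, $src, LOCK_EX) === false || !rename($tmp, $path)) {
        throw new RuntimeException("could not write $path");
    }
}
// The application then loads it with:  $config = require 'config.php';
```

The contrast worth noting is in the first pair: input filtering (magic_quotes or manual escaping) tries to make hostile text harmless inside a string that is still parsed as SQL, whereas a bound parameter is never parsed as SQL at all. The same principle drives the third function: a config file written with var_export() contains only literals, so an edited value cannot become executable code even when it holds quotes or PHP syntax.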
|Affected products
vscripts.pl VBook 2.0
|References

Source: MISC
Link: http://evuln.com/vulns/111
Source: XF
Name: vbook-index-sql-injection(25519)
Link: http://xforce.iss.net/xforce/xfdb/25519
Source: BID
Name: 17320
Link: http://www.securityfocus.com/bid/17320
Source: BUGTRAQ
Name: 20060411 [eVuln] [V]Book Multiple Vulnerabilities
Link: http://www.securityfocus.com/archive/1/archive/1/430624/100/0/threaded
Source: OSVDB
Name: 24270
Link: http://www.osvdb.org/24270
Source: VUPEN
Name: ADV-2006-1174
Link: http://www.frsirt.com/english/advisories/2006/1174
Source: SREASON
Name: 696
Link: http://securityreason.com/securityalert/696
Source: SECUNIA
Name: 19448
Link: http://secunia.com/advisories/19448