Newsletter 4.3 SQL Injection



EKU-ID: 4860 CVE: OSVDB-ID:
Author: Ashiyane Digital Security Team Published: 2015-05-25 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]

Exploit Title  : Newsletter 4.3 SQL Injection Vulnerability

Exploit Author : Ashiyane Digital Security Team

Vendor Homepage: www.conpresso.de - www.conpresso4.de

Google Dork ONE: intext:Module Newsletter 4.3

Google Dork TWO: Module Newsletter 4.3 by www.conpresso4.de

Date           : 2015-05-21

Tested On      : linux Kali + Windows Se7en

Link Software  : http://www.conpresso4.de/_data/cpo4_mod_newsletter_4.3e.zip

[-][-][-][-][-][-][-][-][-][-] DESCRITION [-][-][-][-][-][-][-][-][-][-]

newsletter Module SQL Injection Vulnerability
Researched by  Ashiyane Security Researcher Team

[-][-][-][-][-][-][-][-][-][-] Location [-][-][-][-][-][-][-][-][-][-][-]

http://localhost/[patch]/mod_newsletter/preview.php?action=preview&nr=( SQL )

[-][-][-][-][-][-][-][-][-] Vulnerability CODE [-][-][-][-][-][-][-][-][-]

======= includes/inc_preview.inc.php ========

<?php
if (!defined('CPO')) exit;

if (!is_numeric($_GET['nr'])) exit;

$query = "SELECT commentary, verfallsdatum, templates_id, nr, idx,  
email, autor, pub_datum, titel, initial, freigabe "
         ."FROM ".CPO_NEWS." "
         ."WHERE nr=".(int)$_GET['nr']." ";

DEBUG(2, $query, __FILE__, __LINE__);
$db = new DB;
$db->query($query);

$db->next_record();
$db_template      = $db->v('templates_id');
$db_nr            = $db->v('nr');
$db_idx           = $db->v('idx');
$db_email         = $db->v('email');
$db_autor         = $db->v('autor');
$db_pub_datum     = $db->v('pub_datum');
$db_verfallsdatum = $db->v('verfallsdatum');
$db_commentary    = $db->v('commentary');
$db_titel         = $db->v('titel');
$db_initial       = $db->v('initial');
$db_freigabe      = $db->v('freigabe');

$pagetype = 'detail';
require(CPO_BASEDIR.$activeModules[$directory]['directory'].'/includes/inc_output.inc.php');
?>

[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]

           Discovered by : SeRaVo.BlackHat  >> H.4.S.S.4.N <<

Special Tnx : Hamed Nikpour - Hesam Bazvand - H_SQLI.EMpiRe - Rezahck23

Mohammad habili - Alireza Akhtari - Und3rgr0und - EviL ShaDoW - ACCESS

[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-]