LabStoRe 1.5.4 – SQL Injection

• Exploit Database
• 9 阅读

• 作者： muuratsalo
  日期： 2011-11-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18090/

• 	------------------------------------------------------------------------
  	LabStoRe <= 1.5.4 Sql Injection Vulnerabilities
  	------------------------------------------------------------------------
   
  	author............: muuratsalo (Revshell.com)
  	contact...........: muuratsalo[at]gmail[dot]com
  	download..........: http://www.bioinformatics.org/phplabware/labwiki/index.php
  
   
  	[0x01] Vulnerability overview:
  
  	All versions of LabStore <= 1.5.4 are affected by Sql injection vulnerabilities.
  	A valid account could be required to exploit the vulnerabilities.
   
  	[0x02] Disclosure timeline:
   
  	[04/11/2011] - Multiple sql injection vulnerabilities discovered and reported to the vendor
  	[05/11/2011] - Multiple sql injection vulnerabilities fixed, LabStoRe 1.5.4 released. 
  [05/11/2011] - LabStoRe 1.5.4 is still vulnerable to some sql injection vulnerabilities.
  	[05/11/2011] - The vendor is currently working on fixing the reported issues.
  	[06/11/2011] - Public disclosure
  
  	[0x03] Proof of Concept:
  
  http://localhost/labstore/stocks/interface_creator/index.php?table_name=proteins&function=search&where_clause=[SQL INJECTION]&page=0&order=nature&order_type=ASC
  http://localhost/labstore/stocks/interface_creator/index_long.php?table_name=proteins&function=search&where_clause=[SQL INJECTION]&page=0&order=nature&order_type=ASC
  	http://localhost/labstore/stocks/interface_creator/index_short.php?table_name=proteins&function=search&where_clause=[SQL INJECTION]&page=0&order=nature&order_type=ASC