Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18004
HistorySep 17, 2007 - 12:00 a.m.

множественные уязвимости в Stride v1.0

2007-09-1700:00:00
vulners.com
5972
JSON

Здравствуйте, 3APA3A.

Software: Stride v1.0 Content Management System, Merchant, Courses
Vendor: www.scottmanktelow.com
Vulnerability: множественные уязвимости
Risk: высокий
Date: 16.09.2007
discovered by durito -durito[at]mail[dot]ru-
HTTP: durito.narod.ru

+~~~:| Details |:

SQL-инъекции

+~~~:| Экплойт |:

Content Management System

http://www.target.com/main.php?p=[SQL]

Merchant

http://www.target.com/shop.php?cmd=sto&id=[SQL]

Courses

http://www.target.com/detail.php?course=[SQL]
http://www.target.com/detail.php?provider=[SQL]

Просмотр реквизитов доступа к ftp (при наличии установленного модуля MyFTPUploader)

+~~~:| Экплойт |:

http://www.target.com/include/imageupload.js
    
    фрагмент imageupload.js:
    
    +-+-+-+-+-+-+-+-+-+-+

document.writeln('<param name="uploadDirectory" value="/public_html/dbimages/process">');
document.writeln('<param name="successURL" value="admin_imagemulti.php?action=process">');
document.writeln('<param name="host" value="www.target.com">');
document.writeln('<param name="userName" value="target">');
document.writeln('<param name="password" value="target">');

    +-+-+-+-+-+-+-+-+-+-+

Дефолтовый пароль Super Administrator'а (все продукты):

http://www.target.com/login.php

login: scott
password: running


С уважением,
durito [NGH Group] mailto:[email protected]
http://durito.narod.ru
http://ngh.void.ru

JSON