Lucene search
Mark StanislavPACKETSTORM:111113HistoryMar 23, 2012 - 12:00 a.m.
PHP Grade Book 1.9.4 SQL Database Export
2012-03-2300:00:00
Mark Stanislav
packetstormsecurity.com
19
0.07 Low
EPSS
Percentile
93.3%
`'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670)
Mark Stanislav - [email protected]
I. DESCRIPTION
---------------------------------------
A vulnerability exists in admin/index.php that allows for an unauthenticated user to export the entire application database by accessing the 'Database Backup' method without restriction. Due to the way sessions are handled, an attacker can then simply pass the username and password-hash via cookies to assume the administrative role without ever knowing the clear-text version of the password.
II. TESTED VERSION
---------------------------------------
1.9.4
III. PoC EXPLOIT
---------------------------------------
http://localhost/phpGradeBook/admin/index.php?action=SaveSQL
IV. SOLUTION
---------------------------------------
Upgrade to 1.9.5 or above.
V. REFERENCES
---------------------------------------
http://sourceforge.net/projects/php-gradebook/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1670
VI. TIMELINE
---------------------------------------
02/29/2012 - Initial vendor disclosure
02/29/2012 - Vendor response and commitment to fix
03/01/2012 - Vendor patched and released an updated version
03/22/2012 - Public disclosure
`
Related
exploitpack
exploitpack
PHP Grade Book 1.9.4 - SQL Database Export
2012-03-22 00:00:00
securityvulns
securityvulns
cve
cve
CVE-2012-1670
2012-03-31 14:55:00
prion
prion
Design/Logic Flaw
2012-03-31 14:55:00
cvelist
cvelist
CVE-2012-1670
2012-03-31 14:00:00
seebug
seebug
PHP Grade Book 1.9.4 Unauthenticated SQL Database Export
2014-07-01 00:00:00
exploitdb
exploitdb
PHP Grade Book 1.9.4 - SQL Database Export
2012-03-22 00:00:00