Dir2web3 3.0 SQL Injection / Information Disclosure

2012-08-05T00:00:00

Description

{"id": "PACKETSTORM:115301", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Dir2web3 3.0 SQL Injection / Information Disclosure", "description": "", "published": "2012-08-05T00:00:00", "modified": "2012-08-05T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "href": "https://packetstormsecurity.com/files/115301/Dir2web3-3.0-SQL-Injection-Information-Disclosure.html", "reporter": "Daniel Correa", "references": [], "cvelist": ["CVE-2012-4069", "CVE-2012-4070"], "lastseen": "2016-12-05T22:25:26", "viewCount": 10, "enchantments": {"score": {"value": -0.7, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-4069", "CVE-2012-4070"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28374", "SECURITYVULNS:VULN:12511"]}], "rev": 4}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2012-4069", "CVE-2012-4070"]}]}, "exploitation": null, "vulnersScore": -0.7}, "sourceHref": "https://packetstormsecurity.com/files/download/115301/dir2web3-sqldisclose.txt", "sourceData": "`Title: \n====== \nDir2web3 Multiple Vulnerabilities \n \nDate: \n===== \n05/08/2012 \n \nAuthor: \n======= \nDaniel Correa (http://www.sinfocol.org/) \n \nVulnerable software: \n==================== \nDir2web v3.0 (http://www.dir2web.it/) \n \nCVE: \n==== \nCVE-2012-4069 \nCVE-2012-4070 \n \nDetails: \n======== \nThere are two vulnerabilities identified on Dir2web v3.0: \n \nInformation disclosure (CVE-2012-4069): \nDatabase folder is public and it is not protected via .htaccess. An attacker \ncan download the entire database and look for hidden pages on the website. \n \nSQL Injection (CVE-2012-4070): \nPreg_match function is not enough to protect GET/POST parameters. An \nattacker \ncan easily make a SQL Injection over the application. \n \nExploit: \n======== \nInformation disclosure: \nhttp://site/_dir2web/system/db/website.db \n \nSQL Injection: \nhttp://site/index.php?wpid=homepage&oid=6a303a0aaa' OR id > 0-- - \n \nPatch: \n====== \nInformation disclosure: \nCreate .htaccess file on _dir2web folder with the following content: \norder deny, follow \ndeny from all \n \nSQL Injection: \nFix the regular expression in dispatcher.php file located on \n_dir2web/system/src folder. \n \nReplace: \n'/[a-zA-Z0-9]{10}/' \nWith: \n'/^[a-zA-Z0-9]{10}$/' \n \nTimeline: \n========= \n13/07/2012: Vendor contacted \n25/07/2012: CERT contacted \n27/07/2012: CVE assigned \n05/08/2012: Vulnerability published on Bugtraq \n \n-- \nRegards, \nDaniel Correa \n \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 1659703426}}

{"securityvulns": [{"lastseen": "2018-08-31T11:10:45", "description": "\r\n\r\nTitle:\r\n======\r\nDir2web3 Multiple Vulnerabilities\r\n\r\nDate:\r\n=====\r\n05/08/2012\r\n\r\nAuthor:\r\n=======\r\nDaniel Correa (http://www.sinfocol.org/)\r\n\r\nVulnerable software:\r\n====================\r\nDir2web v3.0 (http://www.dir2web.it/)\r\n\r\nCVE:\r\n====\r\nCVE-2012-4069\r\nCVE-2012-4070\r\n\r\nDetails:\r\n========\r\nThere are two vulnerabilities identified on Dir2web v3.0:\r\n\r\nInformation disclosure (CVE-2012-4069):\r\nDatabase folder is public and it is not protected via .htaccess. An attacker\r\ncan download the entire database and look for hidden pages on the website.\r\n\r\nSQL Injection (CVE-2012-4070):\r\nPreg_match function is not enough to protect GET/POST parameters. An\r\nattacker\r\ncan easily make a SQL Injection over the application.\r\n\r\nExploit:\r\n========\r\nInformation disclosure:\r\nhttp://site/_dir2web/system/db/website.db\r\n\r\nSQL Injection:\r\nhttp://site/index.php?wpid=homepage&oid=6a303a0aaa' OR id > 0-- -\r\n\r\nPatch:\r\n======\r\nInformation disclosure:\r\nCreate .htaccess file on _dir2web folder with the following content:\r\norder deny, follow\r\ndeny from all\r\n\r\nSQL Injection:\r\nFix the regular expression in dispatcher.php file located on\r\n_dir2web/system/src folder.\r\n\r\nReplace:\r\n'/[a-zA-Z0-9]{10}/'\r\nWith:\r\n'/^[a-zA-Z0-9]{10}$/'\r\n\r\nTimeline:\r\n=========\r\n13/07/2012: Vendor contacted\r\n25/07/2012: CERT contacted\r\n27/07/2012: CVE assigned\r\n05/08/2012: Vulnerability published on Bugtraq\r\n\r\n-- Regards, Daniel Correa\r\n", "edition": 1, "cvss3": {}, "published": "2012-08-13T00:00:00", "title": "Dir2web3 Mutiple Vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-4069", "CVE-2012-4070"], "modified": "2012-08-13T00:00:00", "id": "SECURITYVULNS:DOC:28374", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28374", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:50:44", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 2, "cvss3": {}, "published": "2012-08-13T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-4000", "CVE-2012-4036", "CVE-2012-4034", "CVE-2012-3952", "CVE-2012-4035", "CVE-2012-3869", "CVE-2012-4069", "CVE-2012-3953", "CVE-2012-4070"], "modified": "2012-08-13T00:00:00", "id": "SECURITYVULNS:VULN:12511", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12511", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2022-03-23T12:48:29", "description": "SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php.", "cvss3": {}, "published": "2012-08-12T17:55:00", "type": "cve", "title": "CVE-2012-4070", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4070"], "modified": "2012-08-13T04:00:00", "cpe": ["cpe:/a:dir2web:dir2web:3.0"], "id": "CVE-2012-4070", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4070", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:dir2web:dir2web:3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:48:27", "description": "Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db.", "cvss3": {}, "published": "2012-08-12T17:55:00", "type": "cve", "title": "CVE-2012-4069", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4069"], "modified": "2012-08-13T04:00:00", "cpe": ["cpe:/a:dir2web:dir2web:3.0"], "id": "CVE-2012-4069", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4069", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:dir2web:dir2web:3.0:*:*:*:*:*:*:*"]}]}

Dir2web3 3.0 SQL Injection / Information Disclosure

Description

Related