| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Apr 2012 13:11:33 -0400 From: Thomas Richards <g13net@...il.com> To: bugtraq@...urityfocus.com Subject: ChurchCMS 0.0.1 'admin.php' Multiple SQLi # Exploit Title: ChurchCMS 0.0.1 'admin.php' Multiple SQLi # Date: 04/21/12 # Author: G13 # Twitter: @g13net # Software Link: http://sourceforge.net/projects/churchcms/?source=directory # Version: 0.0.1 # Category: webapps (php) # ##### Description ##### ChurchCMS is the software to place on your church's website that is easily managed, self-intuitive, yet expandable via our module library. Included features are: announcements, calendar, prayer requests manager, and help wanted manager. ##### Vulnerability ##### The admin.php page has multiple SQL injection vulnerabilities. Both the 'uname' and 'pass' parameters are vulnerable to SQL Injection. The vulnerability exists via the POST method. ##### Exploit ##### POST http://localhost/churchcms/admin.php?op=login HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Proxy-Connection: keep-alive Referer: http://localhost/churchcms/index.php Cookie: PHPSESSID=eq342ldrgqt4i5fshe6q2kvj17 Content-Type: application/x-www-form-urlencoded Content-length: 40 uname=[SQLi]&pass=[SQLi] ##### Vendor Notification ##### 04/21/12 - Vendor notified Per my disclosure policy, advisory is released. http://www.g13net.com/vuln-disc.txt
Powered by blists - more mailing lists