what you don't know can hurt you

Jaow 2.4.5 Blind SQL Injection

Jaow 2.4.5 Blind SQL Injection
Posted May 24, 2012
Authored by kallimero

Jaow versions 2.4.5 and below suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6e6b513afde6050a95045e553840c8c1

Jaow 2.4.5 Blind SQL Injection

Change Mirror Download
# Exploit Title: Jaow <= 2.4.5 Blind Sql Injection
# Google Dork: intext:"propuls� par jaow 2.4.5"
# Date: 23/05/2012
# Software Link: http://www.jaow.net/telechargements/Jaow_V2.4.5.zip
# Version: 2.4.5
# Tested on: Debian GNU/Linux
# Author: kallimero


= Introduction =


Jaow is a CMS that can manage sites of small sizes, thanks to its simple,
commented code you can easily create templates and / or create modules to
suit your needs. Jaow is the solution for small sites, blogs or portfolio.

= Details =

Unfortunately, a Blind SQL injection is possible in the 2.4.5 core.

Vulnerable page : add_ons.php
Extract from the source :

-------------[ add_ons.php ]--------------
// On stocke dans une variable simple le add_on demand�
$add_on = stripslashes($_GET['add_ons']);

// On recherche si l'add_on est install�

echo 'SELECT id,nom FROM '.$db_prefix.'add_ons WHERE nom="'.$add_on.'"
AND actif="1"';

$query_add_ons = mysql_query('SELECT id,nom FROM '.$db_prefix.'add_ons
WHERE nom="'.$add_on.'" AND actif="1"');

-------------[ add_ons.php ]--------------

So, we can inject sql with the add_ons variable, like that :
http://[site]/[path]/add_ons.php?add_ons=[SQL injection]


= Solutions =

Update is avalaible here : http://www.jaow.net/Article-97


= Thanks =

Thanks to necromoine, fr0g, st0rn, applestorm, Zhyar, k3nz0, m4ke and all
hwc-crew members. http://hwc-crew.com/
And all npn members. http://n-pn.info/

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close