exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ananta Gazelle 1.0 SQL Injection

Ananta Gazelle 1.0 SQL Injection
Posted Mar 15, 2010
Authored by AmnPardaz Security Research Team | Site bugreport.ir

Ananta Gazelle version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6d03cb4a7390a2123d43ed675216a0f832c590db934ad3d99c7916a88122fa67

Ananta Gazelle 1.0 SQL Injection

Change Mirror Download
##########################www.BugReport.ir########################################
#
# AmnPardaz Security Research Team
#
# Title: Ananta Gazelle SQL Injection Vulnerability
# Vendor: http://www.anantasoft.com/
# Vulnerable Version: 1.0 (Latest version till now)
# Exploitation: Remote with browser
# Fix: N/A
###################################################################################

####################
- Description:
####################

Ananta Gazelle is a rich JavaScript enabled CMS with multiple CSS
templates. It is written in
PHP and uses MySQL. Approximately all of the queries of this CMS are
written without dealing
with any one of user inputs in order to avoid SQL injection (as
described by its comments:)


####################
- Vulnerability:
####################

+--> SQL Injection
The forgotten password page "forgot.php" uses hidden inputs for
creating a query in order to set
an activation code. This vulnerability can be used to change the
password of anyone.

####################
- Exploits/PoCs:
####################

+--> Exploiting The (MySQL) SQL Injection:
There are three affected parameters: 'table', 'activate', 'email'.
All of them can be used for injection. For example we can change the
password of the admin
user to "mypass" by setting the following values:
table="users" (unchanged)
activate="123', pass=md5('mypass'), activate='456"
email="the email of the admin user"

####################
- Solution:
####################

Sanitize the inputs of forgot.php file and do not place the parameters
in the hidden inputs (migrate them to the session instead).

####################
- Original Advisory:
####################

http://www.bugreport.ir/index_70.htm

####################
- Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close