44 lines
No EOL
1.7 KiB
Text
44 lines
No EOL
1.7 KiB
Text
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
|
|
>> General Information
|
|
Advisory/Exploit Title = OneOrZero AIMS v2.6.0 Members Edition Multiple Vulnerabilities
|
|
Author = Valentin Hoebel
|
|
Contact = valentin@xenuser.org
|
|
|
|
|
|
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
|
|
>> Product information
|
|
Name = OneOrZero AIMS
|
|
Vendor = OneOrZero
|
|
Vendor Website = http://oneorzero.com/
|
|
Affected Version(s) = 2.6.0
|
|
|
|
|
|
Hint: The vulnerabilities can only be seen if you are logged in.
|
|
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
|
|
>> SQL Injection
|
|
Multiple scripts and parameters are affected by remote SQL injection vulnerabilities.
|
|
You can also manipulate SQL queries with the help of various search fields of this
|
|
web app.
|
|
|
|
Some example URLs:
|
|
index.php?controller=app_oneorzerohelpdesk_main&subcontroller=search_management_manage&option=saved_search&global=1&id=[SQL Injection]
|
|
index.php?controller=app_oneorzerohelpdesk_main&subcontroller=search_management_manage&option=show_item_search&item_types=[SQL Injection]
|
|
|
|
|
|
>> Local File Inclusion
|
|
index.php?controller=[LFI]&subcontroller=app_oneorzerotimemanager_manage&option=show_report
|
|
This vulnerability can be tricky to exploit. If OpenBaseDir is set, you can at least
|
|
view files in the directory of this web software.
|
|
|
|
|
|
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
|
|
>> Additional Information
|
|
Advisory/Exploit Published = 13.11.2010
|
|
|
|
|
|
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
|
|
>> Misc
|
|
Greetz = cr4wl3r, JosS, packetstormsecurity.org, exploit-db.com
|
|
|
|
|
|
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::] |