Exploit CitrusDB 0.3.6 - 'importcc.php' Arbitrary Database Injection

[Exploiter]

EDB-ID

25099

Проверка EDB

1. Пройдено

Автор

REDTEAM PENTESTING

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2005-0409

Дата публикации

2005-02-15

source: https://www.securityfocus.com/bid/12557/info

CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user credentials during file upload and import.

These issues are reported to affect CitrusDB 0.3.6; earlier versions may also be affected.


curl -D - --cookie "id_hash=2378c7b70e77d9c6737d697a46cbe34b;
user_name=testor"
"http://<target>/citrusdb/tools/index.php?load=importcc&submit=on"