Exploit PHP Grade Book 1.9.4 - SQL Database Export

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
18647
Проверка EDB
  1. Пройдено
Автор
MARK STANISLAV
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2012-1670
Дата публикации
2012-03-22
Код:
'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670)
Mark Stanislav - [email protected]


I. DESCRIPTION
---------------------------------------
A vulnerability exists in admin/index.php that allows for an unauthenticated user to export the entire application database by accessing the 'Database Backup' method without restriction. Due to the way sessions are handled, an attacker can then simply pass the username and password-hash via cookies to assume the administrative role without ever knowing the clear-text version of the password.

 
II. TESTED VERSION
---------------------------------------
1.9.4


III. PoC EXPLOIT
---------------------------------------
http://localhost/phpGradeBook/admin/index.php?action=SaveSQL


IV. SOLUTION
---------------------------------------
Upgrade to 1.9.5 or above.


V. REFERENCES
---------------------------------------
http://sourceforge.net/projects/php-gradebook/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1670


VI. TIMELINE
---------------------------------------
02/29/2012 - Initial vendor disclosure
02/29/2012 - Vendor response and commitment to fix
03/01/2012 - Vendor patched and released an updated version
03/22/2012 - Public disclosure
 
Источник
www.exploit-db.com

Похожие темы