Loadfactor Forum
April 28, 2007, 03:33:19 PM
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
News
: Welcome to LimboForge Forum.
Home
Help
Search
Login
Register
Loadfactor Forum
>
Limbo CMS
>
Limbo Security
>
Done!)limbo sql injection exploit / weblinks.html.php $catid
Pages: [
1
]
Go Down
« previous
next »
Print
Author
Topic: Done!)limbo sql injection exploit / weblinks.html.php $catid (Read 894 times)
0 Members and 1 Guest are viewing this topic.
itochan
Administrator
Jr. Member
Offline
Posts: 54
Done!)limbo sql injection exploit / weblinks.html.php $catid
«
on:
May 10, 2006, 10:45:42 AM »
how about this?
Quote
/components/com_weblinks/weblinks.html.php
before the line 8
Code:
if(!isset($page))$page=1;
insert this line
Code:
if(isset($catid)) $catid=(is_numeric($catid))?$catid:NULL ;
==
Done!
Cumulative Fix
v8 (at 10 Mayl) can fix it.
==
Done!
You can also see
secunia
(I reported this
)
«
Last Edit: May 11, 2006, 08:18:59 AM by itochan
»
Logged
eternal beginner
when I suggest wrong, please correct me elegantly.
Lance
Jr. Member
Offline
Posts: 62
Re: limbo sql injection exploit / weblinks.html.php $catid
«
Reply #1 on:
May 10, 2006, 10:55:51 AM »
Yes, it seems the earlier cumulative fix addressed the sql.php file.
The link to the code to exploit the sql injection exploit is here:
http://milw0rm.com/exploits/1751
I hope the code you provided fixes that one, thank you.
Logged
Drake CMS Project on SourceForge
Drake Forge
Drake CMS
gergero
Administrator
Newbie
Offline
Posts: 18
Re: limbo sql injection exploit / weblinks.html.php $catid
«
Reply #2 on:
May 10, 2006, 12:16:36 PM »
I have updated the Cumulative Fix with the code provided by itochan (tested, it works fine!).
catid SQL injection exploit:
- target systems with text database are NOT vulnerable, mysql database IS vulnerable
- intended to reveal the login and the (encrypted password) for admin account,
therefor I would suggest that you change your admin password (if your database is mysql)
Logged
Lance
Jr. Member
Offline
Posts: 62
Re: Done?)limbo sql injection exploit / weblinks.html.php $catid
«
Reply #3 on:
May 10, 2006, 09:14:52 PM »
Well done, thank you for the update!
Logged
Drake CMS Project on SourceForge
Drake Forge
Drake CMS
Pages: [
1
]
Go Up
Print
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Announcements
-----------------------------
Limbo CMS
-----------------------------
=> Limbo Installation
=> Limbo Security
=> General Questions
=> SmallTalk
=> Bug reports
Loading...