Ushahidi 2.0.1（范围参数）的SQL注入漏洞（后验证）

Ushahidi 2.0.1 (range param) SQL Injection Vulnerability (post-auth)

Vendor: Ushahidi, Inc.
Product web page: http://www.ushahidi.com
Affected version: 2.0.1 (Tunis)

Summary: The Ushahidi Platform is a platform for information
collection, visualization and interactive mapping.

Desc: Input passed via the 'range' parameter to dashboard.php is
not properly sanitised in application/controllers/admin/dashboard.php
before being used in SQL queries. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.

-------------------------------------------------------
applicationcontrollersadmindashboard.php

Lines: 103-112:
-------------------------------------------------------
// Set the date range (how many days in the past from today?)
        //    default to one year
        $range = (isset($_GET['range'])) ? $_GET['range'] : 365;
       
        if(isset($_GET['range']) AND $_GET['range'] == 0)
        {
            $range = NULL;
        }
       
        $this->template->content->range = $range;
-------------------------------------------------------

Tested on: Tested on: Microsoft Windows XP Professional SP3 (EN)
           Apache 2.2.14 (Win32)
           PHP 5.3.1
           MySQL 5.1.41

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            liquidworm gmail com

Advisory ID: ZSL-2011-5016
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5016.php

Vendor Advisory: http://dev.ushahidi.com/issues/show/2195

25.05.2011

----

PoC:

- http://192.168.16.100/index.php/admin/dashboard/?range=1[SQLi]

国外转载回来的。。

文章来源于lcx.cc:Ushahidi 2.0.1（范围参数）的SQL注入漏洞（后验证）

相关推荐: 【视频】网友调侃中石化天价酒单《我为祖国喝茅台》

网友调侃中石化天价酒单《我为祖国喝茅台》     【视频】网友调侃中石化天价酒单《我为祖国喝茅台》，我为祖国喝茅台，中石化，网友调侃。     不做评论，政府独裁、绝对垄断、极度腐败造就了中国的当前现状。 留言评论（旧系统）： 我叫罗玉凤！ @ 2011-04…