datetime subject id link
2023-03-19 04:00:03.077256 (XSS) CVE-2023-28607 https://cve.report/CVE-2023-28607
2023-03-19 04:00:03.077709 (XSS) CVE-2023-28606 https://cve.report/CVE-2023-28606
2023-03-19 07:00:02.460821 (PHP) CVE-2023-1485 https://cve.report/CVE-2023-1485
2023-03-19 08:00:02.360192 (Critical) CVE-2023-1491 https://cve.report/CVE-2023-1491
2023-03-19 08:00:02.360701 (Critical) CVE-2023-1490 https://cve.report/CVE-2023-1490
2023-03-19 08:00:02.361227 (Critical) CVE-2023-1489 https://cve.report/CVE-2023-1489
2023-03-19 09:00:03.169107 (PHP, SQL injection, Critical) CVE-2023-1494 https://cve.report/CVE-2023-1494
2023-03-19 10:00:02.471809 (SQL injection, Critical) CVE-2023-1495 https://cve.report/CVE-2023-1495
2023-03-19 11:00:03.133302 (PHP, SQL injection) CVE-2023-26905 https://cve.report/CVE-2023-26905
2023-03-19 13:00:02.661981 (Arbitrary Command) CVE-2023-28617 https://cve.report/CVE-2023-28617
datetime subject id link
2023-03-18 00:00:05.272886 (WordPress, SQL injection) CVE-2023-1471 https://cve.report/CVE-2023-1471
2023-03-18 00:00:05.273781 (WordPress) CVE-2023-1470 https://cve.report/CVE-2023-1470
2023-03-18 00:00:05.274610 (XSS) CVE-2022-45817 https://cve.report/CVE-2022-45817
2023-03-18 00:00:05.275285 (XSS) CVE-2022-45814 https://cve.report/CVE-2022-45814
2023-03-18 00:00:05.276098 (XSS) CVE-2022-43461 https://cve.report/CVE-2022-43461
2023-03-18 01:00:03.379755 (PHP, SQL injection, Critical) CVE-2023-1475 https://cve.report/CVE-2023-1475
2023-03-18 01:00:03.380388 (PHP, SQL injection, Critical) CVE-2023-1474 https://cve.report/CVE-2023-1474
2023-03-18 01:00:03.455022 (WordPress) CVE-2023-1472 https://cve.report/CVE-2023-1472
2023-03-18 06:00:05.680116 (Kubernetes) CVE-2023-27593 https://cve.report/CVE-2023-27593
2023-03-18 07:54:04.238858 (Remote Code Execution, Laravel, PHP) CVE-2023-28115 https://cve.report/CVE-2023-28115
2023-03-18 07:54:04.239418 (Kubernetes) CVE-2023-27595 https://cve.report/CVE-2023-27595
2023-03-18 07:54:04.239972 (Command Injection, Arbitrary Command) CVE-2023-27253 https://cve.report/CVE-2023-27253
2023-03-18 14:00:03.263511 (Squid, XSS) CVE-2023-24278 https://cve.report/CVE-2023-24278
2023-03-18 19:00:02.658682 (PHP) CVE-2023-1481 https://cve.report/CVE-2023-1481
2023-03-18 19:00:02.659181 (PHP, SQL injection, Critical) CVE-2023-1480 https://cve.report/CVE-2023-1480
2023-03-18 19:00:02.659678 (PHP, Critical) CVE-2023-1479 https://cve.report/CVE-2023-1479
2023-03-18 20:00:02.867187 (Critical) CVE-2023-1484 https://cve.report/CVE-2023-1484
2023-03-18 20:00:02.867698 (SQL injection, Critical) CVE-2023-1483 https://cve.report/CVE-2023-1483
2023-03-18 20:00:02.868245 (PHP, Code Injection) CVE-2023-1482 https://cve.report/CVE-2023-1482
Background

  • Graduate Tracer System is a system that manages student academic records.
  • An SQL injection vulnerability was found in Graduate Tracer System 1.0. The affected component is a function in the file admin/adminlog.php. When a user manipulates the parameter, SQL injection occurs. The attack can be carried out remotely, and the vulnerability allows access with administrator privileges and command execution. An exploit for the vulnerability has been made public.

Analysis

  • The program runs on phpstudy 8.1.1.3.
  • Vulnerability File: tracking/admin/adminlog.php
  • Vulnerability location: tracking/admin/adminlog.php user
  • Login parameter user=* [+] Payload: the attack is delivered by supplying a payload in this parameter.

Test

  1. Open the administrator login page.
  2. Enter the payload admin%27 '1'='1 in the ID field.
  3. Because no prepared statement is used and the parameter is placed directly into the query string as a variable, the vulnerability occurs: sql = select * from xxx where user = 'admin' or '1'='1' and xxx
<?php
include('dbcon.php');
session_start();
if (isset($_POST['submit'])) {
    $user = $_POST['user'];
    $password = sha1($_POST['password']);

    // Vulnerable line: $user is interpolated straight into the SQL text, so a
    // quote in the submitted value terminates the string literal.
    $sql = "select * from adminuser where user = '$user' and password = '$password'";
    $result = mysqli_query($conn, $sql);
    if ($result->num_rows > 0) {
        $row = mysqli_fetch_assoc($result);
        $_SESSION['id'] = $row['id'];
        header("Location:homead.php");
    } else {
        echo "<script>alert('Mali!! ang iyong user o password na nalagay paki-ulit muli.')</script>";
    }
}
?>

Patch

  • No patch is provided by the vendor.
  • Switch to a prepared statement and redeploy:
$stmt = $conn->prepare("select * from adminuser where user = ? and password = ?");
$stmt->bind_param("ss", $user, $password); // values are bound as data, never parsed as SQL
$stmt->execute();
$result = $stmt->get_result();
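To show concretely why step 3 of the test works and why the prepared-statement patch stops it, here is an added example; it is not code from this page or from Graduate Tracer System. It rebuilds a minimal adminuser table in an in-memory SQLite database (standing in for the MySQL database behind dbcon.php), keeps the same sha1(password) scheme as adminlog.php, and runs the login query both the vulnerable way (string interpolation, as in adminlog.php) and the patched way (bound parameters). The table contents, the admin password, and the function names are constructed for the example.

```python
import hashlib
import sqlite3

# Constructed sample credential for the example; not a value from the page.
ADMIN_USER = "admin"
ADMIN_PASSWORD = "example-admin-password"


def sha1_hex(password: str) -> str:
    """Same scheme as adminlog.php: the password is stored and compared as sha1()."""
    return hashlib.sha1(password.encode()).hexdigest()


def build_db() -> sqlite3.Connection:
    """In-memory stand-in for the adminuser table (constructed for the example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE adminuser (id INTEGER PRIMARY KEY, user TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO adminuser (user, password) VALUES (?, ?)",
        (ADMIN_USER, sha1_hex(ADMIN_PASSWORD)),
    )
    conn.commit()
    return conn


def render_vulnerable_sql(user: str, password: str) -> str:
    """Builds the query exactly as adminlog.php does: the user value is spliced
    into the SQL text, so a quote inside it ends the string literal early."""
    return (
        f"select * from adminuser where user = '{user}' "
        f"and password = '{sha1_hex(password)}'"
    )


def login_vulnerable(conn: sqlite3.Connection, user: str, password: str) -> bool:
    """Mirrors the pre-patch adminlog.php logic. True when any row matches."""
    row = conn.execute(render_vulnerable_sql(user, password)).fetchone()
    return row is not None


def login_fixed(conn: sqlite3.Connection, user: str, password: str) -> bool:
    """Mirrors the patch: placeholders are bound as data, never parsed as SQL,
    so the same input is compared literally against the user column."""
    row = conn.execute(
        "select * from adminuser where user = ? and password = ?",
        (user, sha1_hex(password)),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = build_db()
    payload = "admin' or '1'='1"  # the injected value from step 3 of the test above
    print(render_vulnerable_sql(payload, "wrong"))
    print("vulnerable login with payload:", login_vulnerable(db, payload, "wrong"))
    print("patched login with payload:   ", login_fixed(db, payload, "wrong"))
```

The rendered string makes the precedence problem visible: `user = 'admin' or '1'='1' and password = '...'` is evaluated as `user = 'admin' OR ('1'='1' AND password = '...')`, so the password check is bypassed entirely. With bound parameters the whole payload is compared as one literal username and matches nothing. The example keeps sha1() only to mirror adminlog.php; prepared statements fix the injection, not the choice of password hashing.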