[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: XRMS SQLi to RCE 0day
From:       cve-assign () mitre ! org
Date:       2014-08-29 9:06:01
Message-ID: 20140829090601.5C2C71F03CA () smtpksrv1 ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> We get SQL injection via $_SESSION poisoning

Use CVE-2014-5520.


> exploit a trivial command injection
> cmd = urllib.urlencode([("; echo '0x41';" + command + ";echo '14x0';",None)])
> url = 'http://'+domain+'/plugins/useradmin/fingeruser.php?username=' + cmd

Use CVE-2014-5521.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUAEH4AAoJEKllVAevmvmsyX0H/3MDCARe+SyjOC1IGHrZC+sM
66Q3DelGzUBB2kU+lXVaEhibITT19oyKl/k//PbippCJv6sdu2gjcxeKWzatbPK9
6zTxfjdrcidxhp3a5VPJQA9Bk/v0sTwFyjz+RN/p1c/GMQV4oHOp5TNv0GUV10A2
PB3cx0/fCKpRa5EbrsFdxAL3lEAw25KiC1SCSZcrssXGuVJKDcfZJNfmiGs1vDpX
TSaULBoe8lLOWr+Xw2az8WOtsh0FX3xhi7Z8ohxnw5AykuJ6Z7CgM875Gj3xM8Tb
e76rwNIvPXMI3z7IcdB8ymt0Z8g0oM4v6IdX8z157Ce5c2tG6U/gwsfPmCSQPpo=
=Zzco
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]