|
Message-Id: <20140829090601.5C2C71F03CA@smtpksrv1.mitre.org> Date: Fri, 29 Aug 2014 05:06:01 -0400 (EDT) From: cve-assign@...re.org To: bch@...h.ai Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: XRMS SQLi to RCE 0day -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > We get SQL injection via $_SESSION poisoning Use CVE-2014-5520. > exploit a trivial command injection > cmd = urllib.urlencode([("; echo '0x41';" + command + ";echo '14x0';",None)]) > url = 'http://'+domain+'/plugins/useradmin/fingeruser.php?username=' + cmd Use CVE-2014-5521. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUAEH4AAoJEKllVAevmvmsyX0H/3MDCARe+SyjOC1IGHrZC+sM 66Q3DelGzUBB2kU+lXVaEhibITT19oyKl/k//PbippCJv6sdu2gjcxeKWzatbPK9 6zTxfjdrcidxhp3a5VPJQA9Bk/v0sTwFyjz+RN/p1c/GMQV4oHOp5TNv0GUV10A2 PB3cx0/fCKpRa5EbrsFdxAL3lEAw25KiC1SCSZcrssXGuVJKDcfZJNfmiGs1vDpX TSaULBoe8lLOWr+Xw2az8WOtsh0FX3xhi7Z8ohxnw5AykuJ6Z7CgM875Gj3xM8Tb e76rwNIvPXMI3z7IcdB8ymt0Z8g0oM4v6IdX8z157Ce5c2tG6U/gwsfPmCSQPpo= =Zzco -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.