sean finney on 27 Apr 2009 22:39:21 -0700


Re: [PLUG] slightly off topic, joomla fireboard sql injection vulnerability?

okay, i was curious about this one:

On Mon, Apr 27, 2009 at 06:54:23PM -0400, Michael Lazin wrote:
> trator/index2.php HTTP/1.1" 200 142884 "
> dministrator/index2.php?option=com_content&sectionid=0&mosmsg=1%20\xe6\x9d\xa1\x
> e7\x9b\xae\xe6\x88\x90\xe5\x8a\x9f\xe5\xa4\x8d\xe5\x88\xb6\xe5\x88\xb0\xe5\x8d\x
> 95\xe5\x85\x83:%20\xe6\x89\x80\xe6\x9c\x89\xe6\x96\x87\xe7\xab\xa0,%20\xe5\x88\x
> 86\xe7\xb1\xbb:%20\xe5\x8a\xa0\xe6\x8b\xbf\xe5\xa4\xa7\xe7\x94\x9f\xe6\xb4\xbb"
> "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Alexa Toolbar)" "-"

while initially kinda scary, this doesn't look like shell code/exploit.  try

printf '1 \xe6\x9d\xa1\xe7\x9b\xae\xe6\x88\x90\xe5\x8a\x9f\xe5\xa4\x8d\xe5\x88\xb6\xe5\x88\xb0\xe5\x8d\x95\xe5\x85\x83: \xe6\x89\x80\xe6\x9c\x89\xe6\x96\x87\xe7\xab\xa0, \xe5\x88\x86\xe7\xb1\xbb: \xe5\x8a\xa0\xe6\x8b\xbf\xe5\xa4\xa7\xe7\x94\x9f\xe6\xb4\xbb' > foo.txt

(%20 == space which i manually replaced)

cat foo.txt:
1 条目成功复制到单元: 所有文章, 分类: 加拿大生活

(for those without proper utf8 support, that's a blob of chinese text).

asking google to translate:

1 entry successfully copied to the unit: All articles, Category: Canada Life



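The manual printf check above can be scripted; the following is an added example, not part of the original post. It undoes the `\xhh` log escaping and the `%hh` URL encoding, then reports whether the bytes are valid UTF-8 text. The names `log_field_to_bytes` and `triage` are hypothetical, and it assumes the logged value contains no literal backslashes.

```python
import re
import unicodedata
from urllib.parse import unquote_to_bytes

# Constructed sample: the mosmsg value from the quoted log line, with the
# e-mail's line wraps joined back together.
SAMPLE = (r"1%20\xe6\x9d\xa1\xe7\x9b\xae\xe6\x88\x90\xe5\x8a\x9f\xe5\xa4\x8d"
          r"\xe5\x88\xb6\xe5\x88\xb0\xe5\x8d\x95\xe5\x85\x83:%20\xe6\x89\x80"
          r"\xe6\x9c\x89\xe6\x96\x87\xe7\xab\xa0,%20\xe5\x88\x86\xe7\xb1\xbb:"
          r"%20\xe5\x8a\xa0\xe6\x8b\xbf\xe5\xa4\xa7\xe7\x94\x9f\xe6\xb4\xbb")

_HEX_ESC = re.compile(rb"\\x([0-9a-fA-F]{2})")


def log_field_to_bytes(field: str) -> bytes:
    """Undo the \\xhh escaping seen in the access log, then the %hh URL encoding."""
    raw = field.encode("utf-8")
    raw = _HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return unquote_to_bytes(raw)


def triage(field: str) -> dict:
    """Classify a logged value as UTF-8 text or as bytes that are not text."""
    data = log_field_to_bytes(field)
    try:
        text = data.decode("utf-8")  # strict: any invalid sequence raises
    except UnicodeDecodeError:
        return {"verdict": "binary", "text": None, "scripts": [], "hex": data.hex()}
    has_ctrl = any(unicodedata.category(c) == "Cc" for c in text)
    # First word of the Unicode name ("CJK", "CYRILLIC", ...) hints at the language.
    scripts = sorted({unicodedata.name(c, "UNKNOWN").split()[0]
                      for c in text if ord(c) > 0x7F})
    return {"verdict": "text-with-controls" if has_ctrl else "text",
            "text": text, "scripts": scripts, "hex": data.hex()}


if __name__ == "__main__":
    # "text" only means the bytes are readable; the decoded string still has to be read.
    for value in (SAMPLE, r"id=\xff\xfe\x00\x01"):  # second value is constructed
        result = triage(value)
        print(result["verdict"], result["scripts"], result["text"] or result["hex"])
```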
