Yii Framework Forum: Public Exploit 1.1.8 / SQL Injection


Public Exploit 1.1.8 / SQL Injection

#1 eestevao (Newbie, Group: Members, Posts: 14, Joined: 05-July 12)

Posted 21 November 2012 - 03:34 PM

Just received this: http://1337day.com/exploit/19778

Is only 1.1.8 affected? (I know it's an old version.)

Was it a security hole in the framework or in the developed application (I mean, could it be a problem with AR or something built-in)?

#2 Da:Sourcerer (Master Member, Group: Members, Posts: 1,162, Joined: 30-March 11, Location: Berlin, Germany)

Posted 21 November 2012 - 03:46 PM

I can't find a ticket related to this. And this exploit doesn't seem to affect v1.1.12.
programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code

#3 Maurizio Domba Cerin (Yii - Yesss It Is !!!, Group: Yii Dev Team, Posts: 4,317, Joined: 12-October 09, Location: Croatia)

Posted 21 November 2012 - 04:42 PM

This is related to the Nguyen website, check the pictures on the original exploit page - http://i.imgur.com/8OShy.png

His website is still vulnerable to this exploit... this is the code he is using:

// Vulnerable: the raw POST parameter is concatenated straight into the SQL condition
$q = Yii::app()->getRequest()->getPost("q");

$products = product::model()->findAll(array(
   "condition" => "enable = 1 AND name like '%" . $q . "%'"
));


The problem is that he is using the passed search variable $q directly, instead of, for example, binding or sanitizing the input.
Find more about me.... btw. Do you know your WAN IP?
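Added example (not code from this thread or from the affected site), showing the vulnerable search from the post above next to two Yii 1.1 ways of passing the value as a bound parameter instead of concatenating it into the SQL text. It assumes a Yii 1.1 CActiveRecord class named `product` with columns `enable` and `name`, as in the post; the wrapper class `ProductSearch` and its method names are hypothetical.

```php
<?php
// Added example, not the site's or the framework's own code.
// Assumes a Yii 1.1 CActiveRecord class `product` with columns `enable` and `name`.

class ProductSearch
{
    // Vulnerable (as posted): $q is interpolated into the SQL string.
    // A value that contains a single quote closes the LIKE literal, so the
    // rest of $q becomes SQL and rewrites the WHERE clause.
    public static function findVulnerable($q)
    {
        return product::model()->findAll(array(
            'condition' => "enable = 1 AND name LIKE '%" . $q . "%'",
        ));
    }

    // Fix 1: named parameter binding. The SQL text is fixed; the value travels
    // separately to the driver, so quotes in $q can no longer change the query.
    // Note that % and _ inside $q are still LIKE wildcards here (a data-exposure
    // issue, not an injection), which fix 2 takes care of.
    public static function findBound($q)
    {
        return product::model()->findAll(array(
            'condition' => 'enable = 1 AND name LIKE :q',
            'params'    => array(':q' => '%' . $q . '%'),
        ));
    }

    // Fix 2: let CDbCriteria build the LIKE clause. addSearchCondition() binds
    // the keyword as a parameter and, with its default $escape = true, also
    // escapes the LIKE wildcards % and _ in the keyword before wrapping it in %...%.
    public static function findCriteria($q)
    {
        $criteria = new CDbCriteria();
        $criteria->addCondition('enable = 1');
        $criteria->addSearchCondition('name', $q);
        return product::model()->findAll($criteria);
    }
}

// Usage in a controller action (hypothetical):
//   $q = Yii::app()->getRequest()->getPost('q');
//   $products = ProductSearch::findCriteria($q);
```

Escaping the quote characters alone (addslashes-style) would close the injection but would still let a user pass a bare `%` or `_` to match every row; binding plus wildcard escaping, as in the second fix, handles both.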

#4 Maurizio Domba Cerin (Group: Yii Dev Team)

Posted 21 November 2012 - 04:47 PM

I just tried to send an email to the website owner through the contact us form... but even there there is an error, so I guess the mails are not sent.

http://baniphone.vn/lienhe/submit

If somebody has a way please let the website owner know about this exploit.

#5 samdark (Having fun, Group: Yii Dev Team, Posts: 3,131, Joined: 17-January 09, Location: Russia)

Posted 22 November 2012 - 03:59 AM

Site owner has YII_DEBUG turned on as well.
Yii 1.1 Application Development Cookbook

Enjoying Yii? Star us at github: 1.1 and 2.0.

#6 samdark (Group: Yii Dev Team)

Posted 22 November 2012 - 04:05 AM

Found email. Sent a link here to website support.

#7 samdark (Group: Yii Dev Team)

Posted 02 December 2012 - 03:40 PM

Email doesn't respond after all. Looks like this website is abandoned.