MuWeb 0.8 Sql Injection

The other day I saw in the search engine terms on my stats page (I usually look at it because I try to write posts according to what people are looking for when they end up here) that someone came by searching for "MuWeb 0.8 Sql Injection". For those people I have good news: there is such a vulnerability. Like other people, I had to take some time to find it, because I had never looked at the registration page. Yep, that is where it is: in the email input. Why only there? Because there is no email validation or string cleaning applied to it (some patches clean the other strings, but not the email). Also, the email input field has no predefined length; yeah, you can remove the length limits on the other fields too, but those are trimmed in the PHP script.

';shutdown--

^^
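As an added example (not MuWeb's own code), this is how a PHP registration handler could treat the email field defensively: enforce the length on the server side, validate the format, and bind the value through a prepared statement instead of splicing it into the query text. The table and column names, the length limit and the PDO connection string are assumptions.

```php
<?php
// Added example, not MuWeb's code: a hardened registration handler for
// the email field the post describes. Table and column names are assumed.
declare(strict_types=1);

// Assumed width of the mail column. The limit has to live server-side,
// because a maxlength attribute in the form can simply be removed.
const MAX_EMAIL_LEN = 50;

function validateEmail(string $email): ?string
{
    $email = trim($email);
    if ($email === '' || strlen($email) > MAX_EMAIL_LEN) {
        return null;
    }
    // Syntactic check only: it rejects junk, but it is not what protects
    // the query (quote characters are legal in an address local part).
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

function registerAccount(PDO $db, string $login, string $email): bool
{
    $clean = validateEmail($email);
    if ($clean === null) {
        return false;
    }
    // The value is bound as a parameter and never becomes part of the SQL
    // text, so neither escaping nor magic_quotes is what keeps the
    // statement whole. memb_info is the table a commenter names; the
    // column names are assumptions.
    $stmt = $db->prepare(
        'INSERT INTO memb_info (login, email) VALUES (:login, :mail)'
    );
    $stmt->bindValue(':login', $login, PDO::PARAM_STR);
    $stmt->bindValue(':mail', $clean, PDO::PARAM_STR);
    return $stmt->execute();
}

// Usage; the DSN is a placeholder for the server's own connection:
// $db = new PDO('sqlsrv:Server=DB_HOST;Database=DB_NAME', 'user', 'pass');
// $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// registerAccount($db, $_POST['login'] ?? '', $_POST['email'] ?? '');
```

With errors raised as exceptions, a failed prepare or execute surfaces in the log instead of silently returning false.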

15 comments so far

  1. jeremy on

    it is not long enough to add good commands, for example to add items :P

  2. 4e4en on

    But that's enough to crash the server :)

  3. dblackshell on

    not hard to modify stats and all that shit, you just have to know the table name… I think it's AccountCharacter (if I remember well)… for adding items you could check on the web… also knowing item codes would help you… also found on Google.. ;)

  4. jeremy on

    it's
    "; update charater set strenght=value where name ='carname' ;--
    you just need to remove the limit..

  5. Tang on

    Hi,

    how to delete tables like memb_stat or memb_info?

    "; delete memb_stat ;- ?

    thx

  6. dblackshell on

    "; drop table memb_stat--

  7. Cobranza on

    hmm..... what is this?:
    Fatal error: Call to a member function on a non-object in c:\appserv\www\includes\character.class.php on line 25

    after entering "" '; drop table memb_stat-- ""
    and clicking "register"

  8. dblackshell on

    possibly the server has magic_quotes turned on… or you didn’t use 2 (-) dashes…

  9. dblackshell on

    the quotes confused me… did you comment out the rest of the query (2 dashes)?

  10. Cobranza on

    the quotes confused you? the (")??????
    sorry, my English is so-so, I don't speak much English, but
    the quotes are only for the demo, the real code is
    '; drop table memb_stat--
    mm..... the (--) yes, it is real, but the complete code doesn't fit in the "email" input hahaha
    my English, hahaha
    hmm.........
    saving the page source and editing maxlength="999999999" of the mail field is possible, but does another way exist?
    sorry for my English, it is poor, so-so,

  11. Cobranza on

    hmm....... how to get rid of magic_quotes?
    how to...... how to..... haha, how to avoid magic_quotes?
    is it possible?

  12. Cobranza on

    what is your mail??

  13. Cobranza on

  14. deivid on

    Excellent MU... the best

    Version 1.02n s2 ep
    Drops: 80%
    Bug Bless ON
    Capacity: 500 online

    Site>>> http://www.muexel.dahora.net
    Dedicated server, 24 hrs... online!

  15. halloween on

    come at me if you can, you salami
    http://mu-helloween.servegame.com/

    there you go, you don't know anything; mine is

    indestructible

