Vendor: GeoClassifieds Lite
CVSS: 7.5 (HIGH)
CWE: SQL Injection, Cross-Site Scripting
Product Name: GeoClassifieds Lite
Affected Version From: 2.0.1
Affected Version To: 2.0.4
Patch Exists: NO

GeoClassifieds Lite SQL Injection and Cross-Site Scripting Vulnerabilities

GeoClassifieds Lite is vulnerable to SQL injection and cross-site scripting. Successful attacks can lead to theft of authentication credentials, compromise of the application, access to or modification of data, and exploitation of other vulnerabilities in the database.

Mitigation:

To mitigate these vulnerabilities, sanitize user input and use parameterized queries to prevent SQL injection. In addition, proper input validation and output encoding help prevent cross-site scripting.
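
A sketch of that mitigation applied to the request fields this advisory names (the `c` parameter and the `language_id` cookie). It is an added example, not GeoClassifieds code: the `categories` table, its columns and the helper names are assumptions, and it needs the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);
// Added example, not GeoClassifieds code. Table, columns and helper names are assumptions.

// Accept only positive integers; anything else becomes null.
function int_param($raw): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// Encode for element and quoted-attribute contexts alike.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function category_name(PDO $db, int $id, int $lang): ?string
{
    // Placeholders keep request data out of the SQL text.
    $stmt = $db->prepare('SELECT name FROM categories WHERE id = :id AND language_id = :lang');
    $stmt->execute([':id' => $id, ':lang' => $lang]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : (string) $name;
}

// Constructed in-memory data so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (id INTEGER, language_id INTEGER, name TEXT)');
$db->exec("INSERT INTO categories VALUES (7, 1, 'Cars & <Trucks>')");

// Constructed requests: one well-formed, one shaped like the strings in this advisory.
$requests = [
    ['c' => '7', 'language_id' => '1'],
    ['c' => "\"+onmouseover=alert('Xssed-By-Yassin')+", 'language_id' => '1[SQL attack]'],
];

foreach ($requests as $r) {
    $c = int_param($r['c']);
    $lang = int_param($r['language_id']);
    if ($c === null || $lang === null) {
        // Reject the request; encode the echoed value so it stays inert text.
        echo '<p>Invalid category: ' . h($r['c']) . "</p>\n";
        continue;
    }
    $name = category_name($db, $c, $lang) ?? 'Unknown';
    echo '<a href="?a=19&amp;c=' . $c . '" title="' . h($name) . '">' . h($name) . "</a>\n";
}
```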
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/49475/info

GeoClassifieds Lite is prone to multiple SQL-injection and cross-site scripting vulnerabilities.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

GeoClassifieds Lite 2.0.1, 2.0.3.1, 2.0.3.2 and 2.0.4 are vulnerable; other versions may also be affected. 

http://www.example.com/?a=19&c=id [SQL Attack]
Cookie: language_id=1[SQL attack]
Cookie: </div><script>alert('Xssed-By-Yassin');</script>
http://www.example.com/index.php?a=19&c=</div><script>alert('Xssed By Yassin');</script>
http://www.example.com/?a=19&c="+onmouseover=alert('Xssed-By-Yassin')+