Online Notebook Manager SQLi Vulnerability

vendor:

Online Notebook Manager

by:

L0rd CrusAd3r aka VSN

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Online Notebook Manager

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2010

Online Notebook Manager SQLi Vulnerability

The DMXReady Online Notebook Manager application is vulnerable to SQL Injection. This vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access to or manipulation of the application's database.

Mitigation:

To mitigate this vulnerability, it is recommended to implement input validation and parameterized queries to prevent SQL Injection attacks. Regularly updating the application to the latest version and following secure coding practices can also help prevent such vulnerabilities.

Source

Exploit-DB raw data:

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: Online Notebook Manager SQLi Vulnerability
Version:1.0
Price:$149.97
Vendor url:http://dmxready.com/?product=online-notebook-manager
Published: 2010-06-09
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue™®, S1ayer,d3c0d3r and to all ICW members
###############################################################################################################################################################################################

                                                                                                           Online Notebook Manager SQLi Vulnerability
                                                                                               Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]

#####################################################################################################################################################################################################

Description:

DMXReady Online Notebook Manager is an easy-to-use application that helps you create, edit, and manage your online documents.
Use as a fast web publisher, build a mini-website, or keep it as your own private online journal.

   1. Use with any standard web browser like Internet Explorer, Firefox, Safari
   2. Structure your notebook as an online document or mini-website
   3. Publish your information quickly and easily - no need for IT
   4. Navigate easily with built-in Navigation Bar/Table of Contents
   5. Skin with ANY template using Dreamweaver or any other HTML editor
   6. Enhance your content by embedding Web 2.0 apps like Google Docs and YouTube Videos
   7. Use as a stand-alone, or integrate with your current website
   8. Easily find content with built-in keyword search
   9. Secure admin pages - built-in login with lost password feature
  10. W3C Valid CSS and XHTML markup
  11. MySQL, MSSQL compatible
  12. Create multiple notebooks with just one installation!

Creating your own online content does not get any easier. DMXReady Online Notebook Manager offers all the flexibility and functionality you need to collect, store, and publish your information.
#######################################################################################################################################################################################################

Vulnerability:

*SQLi Vulnerability

Admin Control:

Usename:admin
Password:admin

DEMO URL :http://site.com/onlinenotebookmanager.asp?ItemID=[SQLi]


-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# 0day n0 m0re #
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


##########################################################################################################################################################################################