The iceberg 'Content Management System' SQL Injection Vulnerability

vendor:

Content Management System

by:

cyberlog

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: Content Management System

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

The iceberg ‘Content Management System’ SQL Injection Vulnerability

The iceberg 'Content Management System' is vulnerable to SQL Injection. The vulnerability can be exploited by sending malicious SQL queries to the vulnerable website. The vulnerable parameter is 'p_id' which can be found in the URL of the website. The malicious query can be used to extract sensitive information from the database.

Mitigation:

The best way to mitigate this vulnerability is to use parameterized queries and input validation. It is also recommended to use a web application firewall to detect and block malicious requests.

Source

Exploit-DB raw data:

==========================================================
The iceberg 'Content Management System' SQL Injection Vulnerability
==========================================================

# The iceberg 'Content Management System' SQL Injection Vulnerability
# Homepage    : http://www.imagetraders.com.au
# Discovered  : by cyberlog
# Dork        : details.php?p_id=
# Dork        : 'Design & SEO by Image Traders Pty Ltd'
# Exploit     : http://[target]/details.php?p_id=[SQL Injection]
# Thanks      : r0073r,adhietslank, k1n9k0ng, cr4wl3r,cah_gemblunkz,                 jayoes,thesims,setiawan,irvian,EA_Angel,BlueSpy,SoEy,A-technique,Jantap,KiLL                        SarifJedul,wiro gendeng,Letjen,ridho_bugs,Ryan Kabrutz,Mathewsa.k.a Nyubicrew
# My Site     : http://sekuritionline.net
# Channel     : #sekuritionline
#special to Mama Sri Rahayu, Member& Staff Sekuritonline, C0li a.k.a antisecurity [ pinjem script perl-na ] :), 
Inj3ct0r Now Brothers with Sekuritionline
==============================================
We never die !!!! indonesian Underground Community
!!!!! anjing buat oknum Pemerintah yang suka nilep uang rakyat !!!
KacrUt I L0v3 U :P
Give me NOCAN Brothers :P
am nt hacker just Lik3 Syst3m S3curity