Realtor WebSite System E-Commerce SQL Injection Vulnerability

vendor:

Realtor WebSite System E-Commerce

by:

cyberlog

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Realtor WebSite System E-Commerce

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Realtor WebSite System E-Commerce SQL Injection Vulnerability

A vulnerability exists in Realtor WebSite System E-Commerce, which allows an attacker to inject malicious SQL commands into the 'idcourse' parameter of the 'coursedetail_eng.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow an attacker to gain access to sensitive information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, the application should use parameterized queries to prevent SQL injection.

Source

Exploit-DB raw data:

===============================================
Realtor WebSite System E-Commerce SQL Injection Vulnerability
===============================================


               __                  __               
 .----..--.--.|  |--..-----..----.|  |.-----..-----.
 |  __||  |  ||  _  ||  -__||   _||  ||  _  ||  _  |
 |____||___  ||_____||_____||__|  |__||_____||___  |
       |_____|                               |_____|

####################################################
#Realtor WebSite System E-Commerce SQL Injection Vulnerability
####################################################
# Vendor:http://www.redcatstudios.net/
# Discovered by : cyberlog
# Site          : Sekuritionline.net
# Channel       : #SekuritiOnline [ Now Just My Bot ] :P

# Dork          : "Web Site Design by Red Cat Studios"
]

# Exploit       : [site]/coursedetail_eng.php?idcourse=[SQL Injection]
                  
                  
# Thanks        : r0073r,adhietslank, k1n9k0ng, cr4wl3r,cah_gemblunkz,
                  jayoes,thesims,setiawan,irvian,EA_Angel,BlueSpy,SoEy,A-technique,Jantap,KiLL,blindboy,sukam,
                  SarifJedul,wiro gendeng,Letjen,ridho_bugs,Ryan Kabrutz,Mathews,aurel666,Inoef,dbanie,

# special to Mama Sri Rahayu, Member& Staff Sekuritonline, C0li a.k.a antisecurity [ pinjem script perl-na ] :),
# Hiroyuki Doni thanks to create New design SO T-shirt :)P 
# Inj3ct0r Now Brothers with Sekuritionline
                
####################################################
# Demo: 
# http://localhost/coursedetail_eng.php?idcourse=[SQL Injection]

####################################################

We never die !!!! indonesian Underground Community
!!!!! anjing buat oknum Pemerintah yang suka nilep uang rakyat !!!
!!!!! anjing juga buat admin site indon3sia yang merasa sok h3bat, dikasih tahu ada hole malah nyolot !!!!!

KacrUt I h@te U :P [ jika kau tidak mau aku katakan LOv3 ]
Give me NOCAN Brothers :P
am nt hacker just Lik3 Syst3m S3curity

 .-----..-----.|  |--..--.--..----.|__||  |_ |__|.-----..-----.|  ||__|.-----..-----.
 |__ --||  -__||    < |  |  ||   _||  ||   _||  ||  _  ||     ||  ||  ||     ||  -__|
 |_____||_____||__|__||_____||__|  |__||____||__||_____||__|__||__||__||__|__||_____|