Site to Store Automobile - Motorcycle - Boat SQL Injection Vulnerability

vendor:

Site to Store Automobile - Motorcycle - Boat

by:

L0rd CrusAd3r

7,5

CVSS

HIGH

SQLi Vulnerability

CWE

Product Name: Site to Store Automobile - Motorcycle - Boat

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Site to Store Automobile – Motorcycle – Boat SQL Injection Vulnerability

A SQL injection vulnerability was discovered in the Site to Store Automobile - Motorcycle - Boat website. The vulnerability exists in the products_view.php page, where an attacker can inject malicious SQL code into the 'id' parameter.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, parameterized queries should be used to prevent SQL injection.

Source

Exploit-DB raw data:

Vendor url:http://www.mformula.com.br/
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to
all ICW & AH members.
Spl Greetz to:inj3ct0r.com Team

#####################################################################################################################################################################################################

Description:

* Site to Store Automobile - Motorcycle - Boat SQL Injection Vulnerability
*

Resources and Advantages
Better cost-benefit of the market
Internal system for total administration of the site
Available site in the languages Portuguese, Español, English and Japanese
Property Management
Management Clients
Support for Sale and Rent
Unlimited Publication of Photos for Property
RSS/XML feed
Optimization in search engines
SiteMap Google, Yahoo and Bing
Supported to any type of personalized option (Color, Size, Type, etc)
Personalization of the layout, colors and texts of the site in agreement
your mark
Reports detailed on the site
Support via HelpDesk integrated in the Administration of your site
#######################################################################################################################################################################################################

Vulnerability:

*SQLi Vulnerability

DEMO URL :

http://server/products_view.php?id=[sqli]

# 0day n0 m0re #
-- 
With R3gards,
L0rd CrusAd3r