2daybiz Video Community portal user-profile.php SQL injection

vendor:

Video Community Portal Script

by:

Sangteamtham

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Video Community Portal Script

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: 2daybiz/videocommunity_portalscript

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

2daybiz Video Community portal user-profile.php SQL injection

An attacker can inject malicious SQL queries into the user-profile.php page of the 2daybiz Video Community portal, by appending the malicious SQL query to the userid parameter.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

$-------------------------------------------------------------------------------------------------------------------
$ 2daybiz Video Community portal"user-profile.php" SQL injection
$ Author : Sangteamtham
$ Home : Hcegroup.net
$ Download :http://www.2daybiz.com/videocommunity_portalscript.html
$ Date :06/24/2010
$
$******************************************************************************************
$Exploit:
$
$ http://server/user-profile.php?userid=[id number][SQL]
$
$******************************************************************************************
$ Greetz to: All Vietnamese hackers and Hackers out there researching for
more security
$
$
$--------------------------------------------------------------------------------------------------------------------