header-logo
Suggest Exploit
vendor:
Gekko CMS
by:
[]0iZy5
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Gekko CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Gekko CMS (SQL Injection) Vulnerability

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

Mitigation:

Input validation, parameterized queries, stored procedures, and other techniques can help prevent SQL injection attacks.
Source

Exploit-DB raw data:

##################################################################
##################################################################
#          ___   ___  _   _____        __                   _    #
#         / _ \ / _ \| | |  __ \      / _|                 | |   #
#    _ __| | | | | | | |_| |  | | ___| |_ __ _  ___ ___  __| |   #
#   | '__| | | | | | | __| |  | |/ _ \  _/ _` |/ __/ _ \/ _` |   #
#   | |  | |_| | |_| | |_| |__| |  __/ || (_| | (_|  __/ (_| |   #
#   |_|   \___/ \___/ \__|_____/ \___|_| \__,_|\___\___|\__,_|   #
#                                                                #
#                                                                #
#                                             +-+-+-+-+          #
#                                             |C|r|e|w|          #
#                                             +-+-+-+-+          #
##################################################################
##################################################################
# [#] Gekko CMS (SQL Injection) Vulnerability                    #
# [#] Discovered By []0iZy5                                      #
# [#] http://r00tDefaced.com                                     #
# [#] Greetz: sHoKeD-bYte, Gn0515, Nex & r00tDefaced Members     #
##################################################################
#
# [2]-SQL injection
#
# Vulnerability Description:
#               SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an #application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL #statements or user input is not strongly typed and thereby unexpectedly executed.
#
# Affected items:
#          http://127.0.0.1/path/search/?cvx=[SQL Injection] 
#          http://127.0.0.1/path/search/?uid=[SQL Injection]
#          http://127.0.0.1/path/search/action/search/?cvx=[SQL Injection]
#          http://127.0.0.1/path/search/action/search/?uid=[SQL Injection]
# 
# Example: -1+ORDER+BY+1-- [You can find the number of columns (Well just incrementing the number until we get an error.)]
#
# The Risk:
#     By exploiting this vulnerability, an attacker can inject malicious code in the script and can have access to the database.
#
# Fix the vulnerability:
#     To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parametrized statements must be used #(preferred), or user input must be carefully escaped or filtered.
#
#################################################################
#################################################################

# r00tDefaced.com [29/June/2010]

Navigation

Suggest Exploit

Services By CQR