Vendor: PhotoPost PHP
By: Cyber-sec
CVSS: 7.5 (HIGH)
SQL Injection
CWE: 89
Product Name: PhotoPost PHP
Affected Version From: 4.0
Affected Version To: 4.6
Patch Exists: NO
Related CWE: N/A
CPE: a:photopost:photopost_php
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP Pack 3
2010

PhotoPost PHP SQL Injection Vulnerability

A SQL injection vulnerability exists in PhotoPost PHP versions 4.0 - 4.6. An attacker can exploit it by appending malicious SQL to the 'cat' parameter in the URL of the vulnerable application.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.
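
One way to apply this mitigation to an integer parameter such as 'cat', as an added example that is not PhotoPost code: the photos table, its columns and the function names are hypothetical, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Hypothetical schema standing in for the application's photo table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE photos (id INTEGER PRIMARY KEY, cat INTEGER, title TEXT)');
$db->exec("INSERT INTO photos (cat, title)
           VALUES (1, 'public-a'), (1, 'public-b'), (2, 'other-category')");

// Weak pattern: the raw request value becomes part of the SQL text.
function photosByCatUnsafe(PDO $db, string $cat): array
{
    return $db->query("SELECT title FROM photos WHERE cat = $cat")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: validate 'cat' as a positive integer, then bind it as a parameter
// so the database never parses it as SQL.
function photosByCatSafe(PDO $db, string $cat): array
{
    $id = filter_var($cat, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('cat must be a positive integer');
    }
    $stmt = $db->prepare('SELECT title FROM photos WHERE cat = :cat');
    $stmt->bindValue(':cat', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs, as they would arrive in $_GET['cat'].
$inputs = ['1', '1 OR 1=1'];
foreach ($inputs as $cat) {
    printf("cat=%s\n  unsafe: %d row(s)\n", $cat, count(photosByCatUnsafe($db, $cat)));
    try {
        printf("  safe:   %d row(s)\n", count(photosByCatSafe($db, $cat)));
    } catch (InvalidArgumentException $e) {
        printf("  safe:   rejected (%s)\n", $e->getMessage());
    }
}
```

The validation step alone would stop the second input; binding is kept as well so the query stays safe if the validation is later relaxed or bypassed.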

Exploit-DB raw data:

# Exploit Title: PhotoPost PHP SQL Injection Vulnerability
# Date: 23/07/2010
# Author: Cyber-sec
# Software Link: www.photopost.com
# Version: 4.0 - 4.6
# Tested on: windows xp pack 3
# CVE : N/A 
						
--------------------------exploit------------------------------
dork : Powered by: PhotoPost PHP 4.6

exploit: www.site.com/photopost/index.php?cat=1 [sql injection]
---------------------------------------------------------------------------------------
Special Thanks to : Dz-Ghost theblind747 all my friends