Vendor: Thatware
By: Besim
CVSS: 7,5 (HIGH)
CWE-89: SQL Injection
Product Name: Thatware
Affected Version From: 0.4.6
Affected Version To: 0.4.6
Patch Exists: N/A
Related CWE: N/A
CPE: a:thatware:thatware:0.4.6
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: PHP
2016

Thatware 0.4.6 – (friend.php) – SQL Injection

An SQL injection vulnerability exists in Thatware 0.4.6 in the friend.php file. The vulnerable parameter is $sid, which is interpolated directly into a database query without validation or escaping and can therefore be used to execute arbitrary SQL commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks: $sid is a story id and should only ever be accepted as an integer.

Exploit-DB raw data:

# Exploit Title :----------------- : Thatware 0.4.6 - (friend.php) - SQL Injection
# Author :------------------------ : Besim
# Google Dork :---------------- :  -
# Date :-------------------------- : 13/10/2016
# Type :-------------------------- : webapps
# Platform : -------------------- :  PHP  
# Vendor Homepage :------- : -
# Software link : -------------- : https://www.exploit-db.com/apps/13132b3e0eaeffc3fad55fded9e5bdc6-thatware_0.4.6.tar.gz

  
############################ SQL INJECTION Vulnerability ############################
      
*-* Code *-* 

include ("header.php");
// $sid is taken straight from the request and interpolated into the SQL string unescaped
$result = mysql_query("select title from stories where sid=$sid");

*-* Vulnerable parameter-: $sid
 
*-* File-----------------: friend.php?sid=(SQL inj)
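The hardened form of the query above, as an added example that is not code from Thatware or from the Exploit-DB entry: the request parameter is validated as a positive integer and then bound to a prepared statement, so the database never parses it as SQL. It assumes a PDO connection to a database whose `stories` table has an integer `sid` column and a `title` column; the DSN and credentials are placeholders.

```php
<?php
// Added example (not Thatware's code): hardened replacement for the friend.php query.
// Assumptions: PDO + MySQL, table `stories` with integer `sid` and text `title`,
// placeholder DSN/credentials below.

declare(strict_types=1);

/**
 * Validate the request parameter. A story id must be a positive integer and
 * nothing else; any other input (empty, non-numeric, trailing SQL) yields null.
 */
function parseStoryId(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays, null, objects are never a valid id
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Fetch a story title with a server-side prepared statement. The id is bound as
 * an integer parameter, so the query structure is fixed regardless of its value.
 */
function fetchStoryTitle(PDO $pdo, int $sid): ?string
{
    $stmt = $pdo->prepare('SELECT title FROM stories WHERE sid = :sid');
    $stmt->bindValue(':sid', $sid, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : (string) $title;
}

// --- Request handling as friend.php would do it after hardening ---
$sid = parseStoryId($_GET['sid'] ?? null);
if ($sid === null) {
    http_response_code(400);
    exit('Invalid story id');
}

// Placeholder connection details; replace with the real ones.
$pdo = new PDO(
    'mysql:host=localhost;dbname=thatware;charset=utf8mb4',
    'db_user',
    'db_password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real prepared statements, not client-side string building
    ]
);

$title = fetchStoryTitle($pdo, $sid);
if ($title === null) {
    http_response_code(404);
    exit('Story not found');
}
// Output encoding so the stored title cannot inject markup into the page either.
echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
```

The two controls are independent: the integer validation rejects malformed ids early and gives a clean 400, while the bound parameter is what actually removes the injection, so the query stays safe even if a future code path forgets to call parseStoryId.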