Vendor: Invoice Template
By: Ihsan Sencan
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Invoice Template
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:xlinesoft:invoice_template:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
Year: 2017

Invoice Template v1.0 for PHPRunner/ASPRunnerPro/ASPRunner.NET. – SQL Injection

An attacker can exploit a SQL injection vulnerability in Invoice Template v1.0 for PHPRunner/ASPRunnerPro/ASPRunner.NET by sending a malicious SQL query to the vulnerable web application through the hash parameter of invoices_view.php. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials, or even execute arbitrary code on the server.

Mitigation:

Developers should use parameterized queries to prevent SQL injection attacks. Additionally, input validation should be used to ensure that user-supplied data is valid and does not contain malicious code.
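
The mitigation above, shown as an added example (not code from the vendor or from the advisory): a lookup keyed on the hash request parameter, written once with string concatenation and once with shape validation plus a bound parameter. The table layout, the 32-hex-character hash format, the function names and the sample rows are assumptions constructed for the illustration, and Python with SQLite stands in for the product's PHP/ASP back ends.

```python
import re
import sqlite3

# Assumed format: the advisory does not say what a valid hash looks like.
HASH_RE = re.compile(r"[0-9a-f]{32}")

def make_db():
    """Constructed sample data standing in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (hash TEXT PRIMARY KEY, customer TEXT, total REAL)")
    db.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)",
        [("0123456789abcdef0123456789abcdef", "Acme Ltd", 120.0),
         ("fedcba9876543210fedcba9876543210", "Globex", 75.5)],
    )
    return db

def view_invoice_concat(db, hash_param):
    """Vulnerable pattern: the request value becomes part of the SQL text."""
    sql = "SELECT customer, total FROM invoices WHERE hash = '" + hash_param + "'"
    return db.execute(sql).fetchall()

def view_invoice_safe(db, hash_param, validate=True):
    """Hardened pattern: check the shape, then bind the value as a parameter."""
    if validate and not HASH_RE.fullmatch(hash_param):
        return []  # rejected before the database is touched
    sql = "SELECT customer, total FROM invoices WHERE hash = ?"
    return db.execute(sql, (hash_param,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    good = "0123456789abcdef0123456789abcdef"
    crafted = "x' OR '1'='1"  # constructed textbook input that changes the WHERE clause
    print("concat, valid hash  :", view_invoice_concat(db, good))
    print("concat, crafted     :", view_invoice_concat(db, crafted))
    print("safe, valid hash    :", view_invoice_safe(db, good))
    print("safe, crafted       :", view_invoice_safe(db, crafted))
    print("bound only, crafted :", view_invoice_safe(db, crafted, validate=False))
```

Binding alone already keeps the value out of the SQL text; the format check is a second layer that rejects malformed input before any query runs.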

Exploit-DB raw data:

# # # # #
# Exploit Title: Invoice Template v1.0 for PHPRunner/ASPRunnerPro/ASPRunner.NET. - SQL Injection
# Google Dork: N/A
# Date: 07.04.2017
# Vendor Homepage: https://xlinesoft.com/
# Software: https://xlinesoft.com/invoice
# Demo: https://xlinesoft.com/livedemo/invoice/livedemo1/
# Version: 1.0
# Tested on: Win7 x64, Kali Linux x64
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# #ihsansencan
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/invoices_view.php?hash=[SQL]
# # # # #