Lowest unique bid auction, SQLi Vulnerabilities

vendor:

Lowest unique bid auction

by:

3spi0n

CVSS

HIGH

SQL Injection

CWE

Product Name: Lowest unique bid auction

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2019

Lowest unique bid auction, SQLi Vulnerabilities

Lowest unique bid auction is vulnerable to SQL injection. An attacker can inject malicious SQL queries into the vulnerable parameter 'id' in the URL. This can be used to bypass authentication, access, modify and delete data in the back-end database.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

##################################################################################
  _____                 _       _   _                _____           
 |  __ \               | |     | | (_)              / ____|          
 | |__) |_____   _____ | |_   _| |_ _  ___  _ __   | (___   ___  ___ 
 |  _  // _ \ \ / / _ \| | | | | __| |/ _ \| '_ \   \___ \ / _ \/ __|
 | | \ \  __/\ V / (_) | | |_| | |_| | (_) | | | |  ____) |  __/ (__ 
 |_|  \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_| |_____/ \___|\___|
                                                                                                                                        
##################################################################################                                
Lowest unique bid auction, SQLi Vulnerabilities
Product Page: http://www.auctionwebsitescript.com/lowest_uniq_bid_auction.html
Script Demo: http://lowbidauction.auctionwebsitescript.com/

Author(Pentester): 3spi0n
On Web: RevolutionSec.Com - Janissaries.Org
On Social: Twitter.Com/eyyamgudeer
##################################################################################

[+] (index.php, show Param)
>>> [url]/index.php?show=static_page&id='2