vendor:
Open Biller
by:
Anonymous
7,5
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: Open Biller
Affected Version From: 0.1
Affected Version To: 0.1
Patch Exists: NO
Related CWE: N/A
CPE: a:geekbill:open_biller
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Open Biller 0.1 Blind SQLi exploit
The vulnerability exists due to insufficient sanitization of the 'username' parameter in the 'login.php' script. An attacker can inject arbitrary SQL commands and gain access to the application. The exploit is achieved by sending a specially crafted HTTP request with the malicious 'username' parameter.
Mitigation:
Input validation should be used to prevent SQL injection attacks.