Vendor: Okul Portali
By: Unknown
CVSS: 5.5 (MEDIUM)
CWE: 89 (SQL Injection)
Product Name: Okul Portali
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Hünkaray Okul Portali SQL Injection Vulnerability

The Hünkaray Okul Portali is vulnerable to SQL injection because it does not sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this by manipulating the SQL query logic to perform unauthorized actions on the underlying database. An example exploit URL is provided, in which the id parameter of haberoku.asp carries the injected SQL: http://www.example.com/okul/haberoku.asp?id=11%20union+select+0,sifre,kullaniciadi,3,4+from+admin

Mitigation:

To mitigate this vulnerability, the application should properly sanitize user-supplied data before using it in SQL queries. Prepared statements or parameterized queries can be used to prevent SQL injection attacks.
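
The mitigation above, as an added example that is not code from Okul Portali or from the advisory: a Python/sqlite3 stand-in for the haberoku.asp lookup, showing the concatenated query beside a validated, parameterized one. The table name haberler, its five columns and all stored values are constructed assumptions; only admin, kullaniciadi and sifre come from the advisory.

```python
import sqlite3
from urllib.parse import unquote_plus

# Constructed schema: "haberler" and its five columns are assumptions;
# only admin(kullaniciadi, sifre) is named in the advisory.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE haberler (id INTEGER, baslik TEXT, metin TEXT, yazar TEXT, tarih TEXT);
        CREATE TABLE admin (kullaniciadi TEXT, sifre TEXT);
        INSERT INTO haberler VALUES (11, 'Veli toplantisi', 'Cuma 14:00', 'mudur', '2007-06-01');
        INSERT INTO admin VALUES ('constructed-admin', 'constructed-secret');
    """)
    return db

def read_news_vulnerable(db, raw_id):
    # The flaw described in the advisory: the id value is pasted into the SQL text.
    return db.execute("SELECT * FROM haberler WHERE id=" + raw_id).fetchall()

def read_news_hardened(db, raw_id):
    # 1) Allow-list: the parameter must be a short run of ASCII digits.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a positive integer")
    # 2) Bind the value; it never becomes part of the SQL text.
    return db.execute("SELECT * FROM haberler WHERE id = ?", (int(raw_id),)).fetchall()

# The id value from the advisory's example URL, decoded as a web server would.
ADVISORY_ID = unquote_plus("11%20union+select+0,sifre,kullaniciadi,3,4+from+admin")

def leaked(rows):
    # True when any returned row contains the constructed admin secret.
    return any("constructed-secret" in row for row in rows)

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", read_news_vulnerable(db, ADVISORY_ID))
    print("hardened:  ", read_news_hardened(db, "11"))
    try:
        read_news_hardened(db, ADVISORY_ID)
    except ValueError as exc:
        print("rejected:  ", exc)
```
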
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24288/info

Hünkaray Okul Portalı is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Hünkaray Okul Portalı 1.1 is vulnerable to this issue.

http://www.example.com/okul/haberoku.asp?id=11%20union+select+0,sifre,kullaniciadi,3,4+from+admin