Vendor: Webloader v8
By: ByEge
CVSS: N/A
CWE: 89 (SQL Injection)
Product Name: Webloader v8
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2010

Webloader v8 SQL Injection Vulnerability

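The Webloader v8 script is vulnerable to SQL injection. The 'vid' parameter in the 'vidgoster.php' script is not properly sanitized: its value is passed through the script's temiz() function and then interpolated, unquoted, into the SQL query text, allowing an attacker to inject SQL code into the query and manipulate the database.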

Mitigation:

To mitigate this vulnerability, implement input validation and parameterized queries so that user input is validated and bound as data before it is used in database queries.
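A hardened form of the `vidgoster.php` lookup, added here as an example; it is not code from Webloader or from the advisory. It assumes PDO in place of the script's own `solcek()`/`solarray()` helpers (whose implementation the page does not show), uses an in-memory SQLite table as a constructed stand-in for `webvideo`, and the `title` column and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the application's database. The page only shows
// the table name `webvideo` and its `id` column; `title` is an assumption.
function demoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE webvideo (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO webvideo (id, title) VALUES (1, 'intro'), (2, 'demo')");
    return $pdo;
}

// Hardened lookup: validate `vid` as a positive integer, then bind it.
// fetchVideo() is a hypothetical name, not part of Webloader.
function fetchVideo(PDO $pdo, $rawVid): ?array
{
    // Allow-list validation: only an integer >= 1 passes; a missing
    // parameter (null) or any other value fails.
    $vid = filter_var($rawVid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($vid === false) {
        return null; // caller should answer 400/404 without querying
    }
    // The statement text is fixed; the value travels separately as a bound
    // integer, so it cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT id, title FROM webvideo WHERE id = :vid');
    $stmt->bindValue(':vid', $vid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = demoDb();
// Constructed inputs: a valid id, the request value from the advisory (1'),
// a non-numeric value, and a missing parameter.
foreach (['1', "1'", 'abc', null] as $input) {
    $row = fetchVideo($pdo, $input);
    printf("%-8s => %s\n", var_export($input, true), $row ? json_encode($row) : 'no row returned');
}
```

Validation and binding are deliberately both present: the integer check rejects malformed requests early, and the bound parameter keeps the query safe even if the validation rule is later loosened.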

Exploit-DB raw data:

[~] Title: Webloader v8 SQL Injection Vulnerability

[~] Date: 16.05.2010

[~] Script Home: www.webloader.org 

[~] Author: ByEge

[~] Homepage: byege.blogspot.com

[~][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][~]


[~] vidgoster.php Bug code :

[~] <?
[~] include 'baglan.php';
[~] $vid=temiz($_GET['vid']);

[~] $c=solcek("select * from webvideo where id=$vid");
[~] $va=solarray($c);

[~] ?>


[~] Example :

[~] http://site.com/vidgoster.php?vid=1'


[~][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][~]

[~] Th4nks : Fantastik, MitolocyA, ISYAN,