Inscribe Webmedia SQL Injection

vendor:

N/A

by:

Netrondoank aka netron

8.8

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2011

Inscribe Webmedia SQL Injection

This vulnerability affects Malaysian CMS sites. It is exploitable by sending malicious SQL queries to the vulnerable parameter 'id' in the URL http://127.0.0.1//path/news_body.php?id=[sqli].

Mitigation:

Input validation and sanitization should be used to prevent malicious SQL queries from being sent to the vulnerable parameter.

Source

Exploit-DB raw data:

Inscribe Webmedia SQL Injection
=========================================================
# Exploit Title : Inscribe Webmedia SQL Injection
# Date : 14 July 2011
# Author : Netrondoank aka netron
# Platform/Tested on: Linux
# myweb : http://www.ilmuhacker.org
# Version : none
# Software Link: : http://www.inscribe.com.my/
# dork : 1997 - 2011 Inscribe Webmedia. All Rights Reserved
======================================================================

# vuln here
http://127.0.0.1//path/news_body.php?id=[sqli]

This Vulnerable For Malaysian CMS Site

Spesial thanks to all friend @ site : Indonesian Security +
codenesia.com + palembang Hackerlink + Blitar hackerlink + hacker
newbie
+ anak anak uin community.us terutama dijeh subhan yoo
ama juragan syarif dll