header-logo
Suggest Exploit
vendor:
Freelance script
by:
JaMbA
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Freelance script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: 2daybiz/freelance_script
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2010

2daybiz Freelance script SQL injection Vulnerability

A vulnerability exists in 2daybiz Freelance script, which allows an attacker to inject malicious SQL commands into the 'pid' parameter of the 'project_details.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can be used to bypass authentication and gain access to the application.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# Exploit Title:   2daybiz Freelance script  SQL injection Vulnerability
# Date: 24/06/2010
# Author: JaMbA
# Script url: http://www.2daybiz.com/freelance_script.html
# Version: N/A
# Tested on: Windows
# CVE : ()

:::::::::::::::::::::::::

:::::::::::::::::::::::::

=================Exploit======
============



[ EXPL0!T ]

 http://server/path/project_details.php?pid=68(SQL)



===========================================================

Greetz to : Alnjm33-virus-pal - Predator-Ahmadso - xXx-jago-dz
-inejcteur-4PY-SaYrOs- XR57 -Tr0y-x -alsaek
And All Tunisian hacker

=== SwT Labs ====

Navigation

Suggest Exploit

Services By CQR