Vendor: IndexScript
By: xssvgamer
CVSS: 7.5 (HIGH)
Blind SQL Injection
CWE: 89
Product Name: IndexScript
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Blind SQL Injection in IndexScript
The exploit allows an attacker to perform a blind SQL injection attack on the IndexScript website. By manipulating the 'cat_id' parameter in the 'show_cat.php' page, the attacker can extract login credentials from the 'dir_login' table.
Mitigation:
To mitigate this vulnerability, the developer should use parameterized queries or prepared statements, so that user input such as 'cat_id' is bound as data instead of being concatenated into the SQL text, which prevents SQL injection attacks.
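
The mitigation above, as an added example that is not IndexScript's own code: a concatenated lookup beside a validated, parameterized one. Only `show_cat.php` and `cat_id` come from this entry; the table `dir_categories`, its columns, the function names and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
// Added illustration; not IndexScript source. The table dir_categories and
// its columns are assumptions; only show_cat.php and cat_id come from the entry.
declare(strict_types=1);

// In-memory SQLite stands in for the application's database (constructed data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE dir_categories (cat_id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO dir_categories VALUES (1, 'News'), (2, 'Tools')");

// Assumed vulnerable pattern: the request value becomes part of the SQL text,
// so whatever it contains is parsed as SQL and can change the query's logic.
function findCategoryUnsafe(PDO $db, string $catId): array
{
    $sql = "SELECT cat_id, name FROM dir_categories WHERE cat_id = $catId";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: validate the type first, then bind the value as a parameter.
function findCategory(PDO $db, string $catId): array
{
    $id = filter_var($catId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];   // reject anything that is not a positive integer
    }
    $stmt = $db->prepare('SELECT cat_id, name FROM dir_categories WHERE cat_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id and a value carrying an extra condition.
foreach (['2', '2 OR 1=1'] as $input) {
    printf("%-10s unsafe=%d rows, hardened=%d rows\n",
        $input,
        count(findCategoryUnsafe($db, $input)),
        count(findCategory($db, $input)));
}
```

In the real script the value would come from `$_GET['cat_id']`; the integer check and the bound parameter are independent layers, and either one alone stops the extra condition from reaching the SQL parser.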