Boat Classifieds SQL Injection Vulnerability (printdetail.asp?Id)

vendor:

Boat Classifieds

by:

CoBRa_21

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: Boat Classifieds

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Boat Classifieds SQL Injection Vulnerability (printdetail.asp?Id)

A SQL injection vulnerability exists in Boat Classifieds, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is triggered when an attacker sends a specially crafted HTTP request to the printdetail.asp page with an invalid Id parameter. This can be exploited to gain access to sensitive information from the database, such as user credentials and other confidential data.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

##################################################################################################

Boat Classifieds SQL Injection Vulnerability (printdetail.asp?Id)
 
##################################################################################################
 
Author : CoBRa_21

Script Home : http://www.site2nite.com/boat-webdesign.asp

Dork : null

##################################################################################################
 
Sql Injection:

http://localhost/[path]/printdetail.asp?Id=661 and 1=1 

http://localhost/[path]/printdetail.asp?Id=661 and 1=2 

################################################################################################## 		 	   		  
_________________________________________________________________
Yeni Windows 7: Size en uygun bilgisayar? bulun. Daha fazla bilgi edinin.
http://windows.microsoft.com/shop