BoutikOne® (description.php) Sql Injection Vulnerability

vendor:

BoutikOne®

by:

IRAQ_JAGUAR

7.5

CVSS

HIGH

Sql Injection

CWE

Product Name: BoutikOne®

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2011

BoutikOne® (description.php) Sql Injection Vulnerability

Input passed to the 'description.php' script is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Mitigation:

Input validation and proper sanitization of user input should be done to prevent SQL injection attacks.

Source

Exploit-DB raw data:

	_____  _________           ________        ____________                _____    ________         ________    _____     _____     ________      _________
   |     ||    __    \        / ______ \      /            \              |     |  / ______ \       / _______ \ |     |   |     |   / ______ \    |    __    \
   |_____||   |   \   \      / /      \ \    /              \             |_____| / /      \ \     / /       | ||_____|   |_____|  / /      \ \   |   |   \   \
	|   | |   |___/   /     / /   __   \ \  |      ___       |             |   | / /   __   \ \   / /        | | |   |     |   |  / /   __   \ \  |   |___/   /
    |   | |__________/     / /   |  |   \ \ |     |   |      |             |   |/ /   |  |   \ \ / /             |   |     |   | / /   |  |   \ \ |__________/ 
	|   | |  |    \  \    | |    |__|    | ||     |___|      |        ___  |   || |   |__|     | | |       ____  |   |     |   || |    |__|    | ||  |    \  \
	|   | |  |     \  \   | |____________| ||                |       |   | |   || |____________| | |      | || | |   |     |   || |____________| ||  |     \  \
	|___| |  |      \  \  | | IRAQ_JAGUAR| | \              QQ       |   |_|   || | IRAQ_JAGUAR| | |      |_|| | |   |     |   || | IRAQ_JAGUAR| ||  |      \  \
   |     ||  |       \  \ | |            | |  \____________/ QQ       \ JAGUAR || |            | | \________/  |  \   \____/  / | |            | ||  |       \  \
   |_____||__|        \__\|_|            |_|    IRAQ_JAGUAR   QQ______ \_______||_|            |_|_____________|   \_________/  |_|            |_||__|        \__\
   
#--------------------------------------------------------
#BoutikOne®  (description.php)  Sql Injection Vulnerability
#--------------------------------------------------------
#Date 05-03-2011
#
#--------------------------------------------------------
#Discovered By: IRAQ_JAGUAR
#
#
#Mail: iraq_jaguar@yahoo.com       
#-------------------------------------------------------
#
#Script:   BoutikOne®
#
#Script Home Page:  http://www.boutikone.com
#
#--------------------------------------------------------
#Poc/Exploit:
#
#
#http://www.target.com/[path]/description.php?id=1'
#
#
#
#Greetz To : White Devil , Fady Falah , Sec-Mind , Joker Sql  , ALL IRAQIZ HACKERZ
------------------------------------------------------------------------------------------------------------------------------------------------------