header-logo
Suggest Exploit
vendor:
Codecanyon Clone Script
by:
Ihsan Sencan
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Codecanyon Clone Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: a:bsetec:codecanyon_clone_script
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017

Codecanyon Clone Script – SQL Injection

A SQL injection vulnerability exists in Codecanyon Clone Script, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to the application not properly sanitizing user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the application. This can result in the disclosure of sensitive information, manipulation of data, or even the execution of arbitrary code.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries in a way that would allow an attacker to modify the logic of the executed query.
Source

Exploit-DB raw data:

# # # # # 
# Exploit Title: Codecanyon Clone Script - SQL Injection
# Google Dork: N/A
# Date: 08.03.2017
# Vendor Homepage: http://bsetec.com/
# Software : http://codecanyonclone.bsetec.com/
# Demo: http://www.bsetecdemo.com/codecanyonclone/
# Version: N/A
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/LastAdded/?by=[SQL]
# # # # #

Navigation

Suggest Exploit

Services By CQR