Craigslist Clone Gold SQL injection Vulnerability

vendor:

Craigslist Clone Gold

by:

Fallaga

5.5

CVSS

MEDIUM

SQL Injection

CWE

Product Name: Craigslist Clone Gold

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Demo

2013

Craigslist Clone Gold SQL injection Vulnerability

This exploit allows an attacker to perform SQL injection on the Craigslist Clone Gold script. By manipulating the 'view' parameter in the URL, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database. The specific payload used in the exploit is '-1 union select concat(email,0x3a,code) from clf_ads--'.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input before using it in SQL queries or use prepared statements with parameterized queries. Regular security updates and patches should also be applied to the Craigslist Clone Gold script.

Source

Craigslist Clone Gold SQL injection Vulnerability

Mitigation:

Exploit-DB raw data: