vendor:
D-Tendencia Bt 2008
by:
Dr.0rYX and Cr3w-DZ
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: D-Tendencia Bt 2008
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
D-Tendencia Bt 2008 SQL Injection Vulnerability
A vulnerability exists in D-Tendencia Bt 2008 which allows an attacker to inject malicious SQL queries via the 'lcat_id' parameter in the 'list.php' script. An attacker can use this vulnerability to gain access to sensitive information from the database, such as usernames and passwords. The vulnerable parameter can be found in the URL http://server/list.php?lcat_id=[N.A.S.T]. The exploit code for this vulnerability is http://server/list.php?lcat_id=-1+union+select+concat(admin_name,0x3a,admin_pass,0x3a,admin_mail)+from+admin.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.