Daily Inspirational Quotes Script SQL Injection Vulnerability

vendor:

Daily Inspirational Quotes

by:

Valentin Hoebel

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: Daily Inspirational Quotes

Affected Version From: unknown

Affected Version To: unknown

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Daily Inspirational Quotes Script SQL Injection Vulnerability

The Daily Inspirational Quotes Script is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'id' parameter in the 'tellafriend.php' script.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information 
Advisory/Exploit Title = Daily Inspirational Quotes Script SQL Injection Vulnerability
Author = Valentin Hoebel
Contact = valentin@xenuser.org


[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = Daily Inspirational Quotes
Author = Ed Pudol
Link = http://www.buymyscripts.net/10/Daily_inspirational_quotes_web_site_script_and_database.html
Affected Version(s) = unknown

 
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> #1 SQL Injection
target/tellafriend.php?id=[SQL Injection]


[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
>> Additional Information
Advisory/Exploit Published = 14.06.2010


[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
>> Misc
Greetz = cr4wl3r, JosS
<3 packetstormsecurity.org!


[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]