Design by web5000 (page_show) SQL Injection Vulnerability

vendor:

page_show.php

by:

BLack Revenge

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: page_show.php

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Design by web5000 (page_show) SQL Injection Vulnerability

A vulnerability exists in the page_show.php script of Design by web5000, which allows an attacker to inject arbitrary SQL commands. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the 'id' parameter in the 'page_show.php' script.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

Title: Design by web5000 (page_show) SQL Injection Vulnerability [#]
Author: BLack Revenge [#]
 Date: 2010/05/25[#]
DorK: Use Your M!nd
Email: Ahmed.h4ck3r@gmail.com
==========================================================================
-----------------------------------------
www.arab-exploit.com    |
------------------------------------------
AraB Expl0iT Cr3w
==========================================================================
SQL Injectin [+]

www.Localhost.com/path/path2/page_show.php?id=[] --->SQL Injection

Demo:
http://[site]/[path]/page_show.php?id=18--->SQL
Injection
==========================================================================
GreeTz ALL My Friend's  D3vil H4ck3r & JrEmA HackEr & Prince IraQ & BLaCk
FoXxX
==========================================================================