Vendor: Domain Trader Script
Author: 3spi0n
CVSS: 7.5 (HIGH)
Vulnerability type: MySQL Injection
CWE: 89
Product Name: Domain Trader Script

Domain Trader Script, MySQL Injection Vulnerabilities

The Domain Trader Script is vulnerable to MySQL injection. An attacker can exploit it by injecting SQL through the 'viewdomain' parameter of the 'catalog.php' page. The advisory's example URL, 'http://server/catalog.php?viewdomain=now&id=1'', appends a single quote to the request, and the resulting database error is what reveals the injection point.

Mitigation:

To mitigate this vulnerability, validate and sanitize every request parameter before it reaches a query, and build the queries themselves with parameterized statements or prepared statements so that user input is bound as data and can never be interpreted as SQL. Database error messages should also not be returned to the client, since they are the signal an attacker uses to confirm an injection point.
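The following PHP script is an added example, not code from the Domain Trader Script or from the advisory, that shows the two query patterns the mitigation refers to side by side. It assumes a hypothetical `domains` table with an integer `id` column, constructed here in an in-memory SQLite database through PDO so it runs offline with the PHP CLI; the real script uses MySQL, but the vulnerable and hardened patterns are identical.

```php
<?php
// Added example (not part of the original advisory or the Domain Trader Script).
// Uses an in-memory SQLite database via PDO so it runs offline; the table,
// its rows and the function names are constructed for this demo.

declare(strict_types=1);

function makeDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT, status TEXT)');
    $db->exec("INSERT INTO domains VALUES (1, 'example.test', 'now'), (2, 'other.test', 'sold')");
    return $db;
}

// Vulnerable pattern: the request parameter is spliced into the SQL text.
// A value such as 1' breaks the quoting and the database raises a syntax
// error, which is the "MySQLi Found" signal the advisory describes.
function lookupVulnerable(PDO $db, string $id): array {
    $sql = "SELECT id, name, status FROM domains WHERE id = '" . $id . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: validate the parameter's type, then bind it as a value.
// The SQL text is fixed, so the database cannot mistake data for code.
function lookupSafe(PDO $db, string $id): array {
    $intId = filter_var($id, FILTER_VALIDATE_INT);
    if ($intId === false) {
        return []; // reject malformed ids instead of querying with them
    }
    $stmt = $db->prepare('SELECT id, name, status FROM domains WHERE id = :id');
    $stmt->bindValue(':id', $intId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDemoDb();
// The first input is the normal request; the second is the advisory's probe.
foreach (['1', "1'"] as $input) {
    try {
        $rows = lookupVulnerable($db, $input);
        echo "vulnerable, input {$input}: " . count($rows) . " row(s)\n";
    } catch (PDOException $e) {
        // In the real script this message would reach the browser.
        echo "vulnerable, input {$input}: SQL error leaked: " . $e->getMessage() . "\n";
    }
    $rows = lookupSafe($db, $input);
    echo "safe, input {$input}: " . count($rows) . " row(s)\n";
}
```

Run it with `php example.php`: the concatenated query returns one row for `1` and throws a syntax error for `1'`, while the prepared statement returns one row for `1` and silently rejects `1'` without ever sending it to the database. Wrapping the validation and binding in a single helper, as `lookupSafe` does, is the easiest way to make sure every page of a script uses the same safe pattern.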

Exploit-DB raw data:

##################################################################################
       __            _                      _            ____            
      / /___ _____  (_)_____________ ______(_)__  _____ / __ \_________ _
 __  / / __ `/ __ \/ / ___/ ___/ __ `/ ___/ / _ \/ ___// / / / ___/ __ `/
/ /_/ / /_/ / / / / (__  |__  ) /_/ / /  / /  __(__  )/ /_/ / /  / /_/ / 
\____/\__,_/_/ /_/_/____/____/\__,_/_/  /_/\___/____(_)____/_/   \__, /  
                                                                /____/   
##################################################################################
Domain Trader Script, MySQL Injection Vulnerabilities
Software Page: http://scriptsgenie.com/index.php?do=catalog&c=scripts&i=domain_trader_script_w%252Fparking
Script Demo: http://www.scriptsgenie.com/demo/trader/

Author(Pentester): 3spi0n
On Social: Twitter.Com/eyyamgudeer
Greetz: Grayhats Inc. and Janissaries Platform.
##################################################################################

[~] MySQL Injection on Demo Site (/catalog.php?viewdomain=now&id=)

>>> http://server/catalog.php?viewdomain=now&id=1' (MySQLi Found)