DuhokForum - exploit.company

vendor:

DuhokForum

by:

M.Jock3R

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: DuhokForum

Affected Version From: 1.1

Affected Version To: 1.1

Patch Exists: NO

Related CWE: N/A

CPE: a:duhoktimes:duhokforum:1.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP Sp2 FR

2011

DuhokForum <= 1.1 (index.php) SQL Injection Vulnerability

DuhokForum version 1.1 is vulnerable to a SQL injection attack. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable index.php page. This can be done by sending a specially crafted URL to the vulnerable page, such as http:localhost/duhokfrm/index.php?modd=[Inj3ct Here ;)]. This will allow the attacker to execute arbitrary SQL commands on the underlying database.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all user input is properly sanitized and validated before being used in any SQL queries.

Source

Exploit-DB raw data:

===================================================================
DuhokForum <= 1.1 (index.php) SQL Injection Vulnerability
===================================================================

# Exploit Title: DuhokForum <= 1.1 (index.php) SQL Injection Vulnerability
# Date: 28-05-2011
# Author: M.Jock3R
# Vendor or Software Link: http://www.duhoktimes.com/df/?file=duhokforum-1.1
# Version: 1.1
# Category:: webapps
# Google dork: duhokFrm 1.1 © Dilovan 2007 - 2008
# Tested on: windows XP Sp2 FR
# Demo site: http://forum2009.eb2a.com/index.php?mode=f&f=1'

Exploit:
http:localhost/duhokfrm/index.php?modd=[Inj3ct Here ;)]

===================================================================
Greets To : 

Adelsbm / attiadona / Wjforum 

mail : madrido.jocker@gmail.com

THANKS TO ALL ALGERIAN HACK3R, FOR FREE GAZA 
===================================================================