Vendor: E-Book Store
By: Valentin Hoebel
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: E-Book Store
Affected Version From: unknown
Affected Version To: unknown
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

E-Book Store SQL Injection Vulnerability

The E-Book Store web site script (sold bundled with 120 ebooks with resellers right) is vulnerable to SQL injection. An attacker can inject malicious SQL queries via the 'keyword' parameter of the 'search.php' script.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
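
One way to apply this mitigation to a keyword search like the one in search.php, as an added example that is not the vendor's code or part of the original advisory. The table and column names, the 64-byte limit and the helpers validate_keyword and search_ebooks are assumptions, an in-memory SQLite database stands in for the real backend, and the example goes beyond input validation by also binding the keyword as a query parameter.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the product database (the real schema is unknown).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ebooks (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');
$pdo->exec("INSERT INTO ebooks (title) VALUES ('SQL Basics'), ('O''Reilly Guide'), ('100% PHP')");

/**
 * Input validation for the 'keyword' request value (hypothetical helper).
 * Accepts only a non-empty string of bounded length; returns null otherwise.
 */
function validate_keyword($raw): ?string
{
    if (!is_string($raw)) {              // rejects array input such as keyword[]=x
        return null;
    }
    $kw = trim($raw);
    if ($kw === '' || strlen($kw) > 64) { // assumed limit, tune per application
        return null;
    }
    return $kw;
}

/** Search titles with the keyword bound as data (hypothetical helper). */
function search_ebooks(PDO $pdo, string $keyword): array
{
    // Escape LIKE metacharacters so % and _ typed by the user match literally.
    $escaped = strtr($keyword, ['!' => '!!', '%' => '!%', '_' => '!_']);
    // The SQL text is constant; the keyword never becomes part of it.
    $stmt = $pdo->prepare("SELECT title FROM ebooks WHERE title LIKE :kw ESCAPE '!'");
    $stmt->execute([':kw' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: quotes and wildcards are treated as plain text,
// and a non-string value is rejected before any query runs.
foreach (["O'Reilly", '100%', '%', ['x']] as $input) {
    $kw = validate_keyword($input);
    $rows = $kw === null ? [] : search_ebooks($pdo, $kw);
    echo json_encode($input), ' => ', json_encode($rows), PHP_EOL;
}
```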

Exploit-DB raw data:

[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information 
Advisory/Exploit Title = E-Book Store SQL Injection Vulnerability
Author = Valentin Hoebel
Contact = valentin@xenuser.org


[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = E-Book Store
Author = Ed Pudol
Link = http://www.buymyscripts.net/5/e-Book_Store_web_site_script_bundled_with_120_ebooks_with_resellers_right.html
Affected Version(s) = unknown

 
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> #1 SQL Injection
target/search.php?search=Search&keyword=[SQL Injection]


[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
>> Additional Information
Advisory/Exploit Published = 14.06.2010


[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
>> Misc
Greetz = cr4wl3r, JosS
<3 packetstormsecurity.org!


[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]