Vendor: e-webtech
By: CoBRa_21
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: e-webtech
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
e-webtech (page.asp) SQL Injection Vulnerability
An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable page.asp page. By injecting SQL with the 'union' keyword, the attacker can read the adminpassword table, which contains the administrator's username and password. The attacker can then use those credentials to gain access to the administrator panel.
Mitigation:
The best way to mitigate this vulnerability is to ensure that all user input is properly sanitized and validated before it is used in any SQL query. Additionally, the application should use parameterized queries instead of dynamically built SQL queries.
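The mitigation above, sketched as an added example that is not code from the vendor or from the original advisory: Python with sqlite3 stands in for the ASP page's database layer. The `pages` table, its columns, and the function and parameter names are assumptions; only the `adminpassword` table name comes from the advisory.

```python
import re
import sqlite3

# Constructed stand-in schema: "pages" and its columns are assumptions;
# "adminpassword" is the table named in the advisory.
def build_demo_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE adminpassword (username TEXT, password TEXT);
        INSERT INTO pages VALUES (1, 'Home', 'Welcome');
        INSERT INTO pages VALUES (2, 'About', 'About us');
        INSERT INTO adminpassword VALUES ('admin', 'constructed-secret');
    """)
    return db

_ID_RE = re.compile(r"[0-9]{1,9}")

def parse_page_id(raw):
    """Validation: accept only a short run of ASCII digits, else None."""
    if raw is None or not _ID_RE.fullmatch(raw.strip()):
        return None
    return int(raw)

def get_page(db, raw_id):
    """Return (title, body) for a valid id, or None. Never builds SQL from input."""
    page_id = parse_page_id(raw_id)
    if page_id is None:
        return None  # caller should answer 400 and log the raw value
    # Parameterized query: the driver binds page_id as data, not as SQL text.
    return db.execute(
        "SELECT title, body FROM pages WHERE id = ?", (page_id,)
    ).fetchone()

def search_pages(db, raw_term):
    """Free-text parameter: it cannot be allow-listed, so binding is the defense."""
    term = "%" + (raw_term or "")[:64] + "%"
    rows = db.execute("SELECT title FROM pages WHERE title LIKE ?", (term,))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_demo_db()
    hostile = "0 UNION SELECT username, password FROM adminpassword"  # constructed
    print(get_page(db, "1"))
    print(get_page(db, hostile))
    print(search_pages(db, "x' UNION SELECT password FROM adminpassword --"))
```

Validation rejects the crafted numeric parameter before any query runs, and the bound search term is matched as literal text, so neither path reaches the adminpassword table.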