Vendor: Eroauktion 2010
By: DeadLy DeMon
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Eroauktion 2010
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP 3 and Backtrack4
2010

Eroauktion 2010 <= SQL injection Vulnerability Proof of Concept

The vulnerability exists in the 'item.php' script, which is vulnerable to SQL injection attacks when the 'id' parameter is supplied with malicious input.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
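
The mitigation above, shown as an added example that is not from the original advisory or from the Eroauktion code: a concatenated query of the kind CWE-89 describes, beside a version that validates `id` as an integer and binds it in a prepared statement. The `items` table, its columns and both function names are assumptions, and the sample row and inputs are constructed.

```php
<?php
// Added example: table, column and function names are assumptions;
// the real item.php source is not shown on this page.
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO items (id, title) VALUES (1, 'Sample lot')");

// Vulnerable pattern (CWE-89): request value concatenated into the SQL text.
function findItemUnsafe(PDO $db, string $id): ?array
{
    $sql = "SELECT id, title FROM items WHERE id = '" . $id . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened pattern: validate that id is a positive integer, then bind it.
function findItemSafe(PDO $db, string $id): ?array
{
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return null; // reject anything that is not a plain positive integer
    }
    $stmt = $db->prepare('SELECT id, title FROM items WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Constructed inputs: a valid id, the lone quote from the report, a non-numeric id.
foreach (['1', "'", 'abc'] as $id) {
    try {
        $unsafe = findItemUnsafe($db, $id) ? 'row' : 'no row';
    } catch (PDOException $e) {
        $unsafe = 'SQL error (input reached the parser)';
    }
    $safe = findItemSafe($db, $id) ? 'row' : 'rejected or no row';
    printf("id=%-4s unsafe: %-38s safe: %s\n", var_export($id, true), $unsafe, $safe);
}
```

Binding the value keeps it out of the SQL text even if the validation rule is later loosened, so the two controls are worth keeping together.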

Exploit-DB raw data:

+Name : Eroauktion 2010 <= SQL injection Vulnerability Proof of Concept
+Author : DeadLy DeMon
+Date : 18.12.2010
+Script : Eroauktion 2010
+Download : ----
+Dork : Not Dork
+Price : 39.90  EURO
+Language : PHP
+Tests : Windows XP SP 3 and Backtrack4 any other OS
+Discovered by DeadLy DeMon
+ Cyber - Warrior TIM =>> www.cyber-warrior.org
+Greetz to All Cyber-Warrior Members
---------------------------------------------------------------------------------------



Sometimes I rise to the sky and watch the world, sometimes I come down to the earth and the world watches
me, me :)))
----------------------------------------------------------------------------------------

Bug ;

server/flashauktion2010/item.php?id=' [Sql Inj. ]
---------------------------------------------------------------------------------------