vendor:
Flippy HotViral – Viral Pictures and Video Script
by:
Ihsan Sencan
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Flippy HotViral – Viral Pictures and Video Script
Affected Version From: 2.0.0
Affected Version To: 2.0.0
Patch Exists: NO
Related CWE: N/A
CPE: a:flippyscripts:flippy_hotviral_viral_funny_pictures_and_video_script
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017
Flippy HotViral – Viral Pictures and Video Script v2.0.0 – SQL Injection
An attacker can exploit a SQL injection vulnerability in Flippy HotViral – Viral Pictures and Video Script v2.0.0 to gain access to the admin credentials. The attacker can send a malicious SQL query to the vulnerable parameter ‘id’ in the ‘picture.php’ and ‘video.php’ scripts. The malicious query will return the admin username and password in the response.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.
