Vendor: Full Site for Restaurant
By: L0rd CrusAd3r
CVSS: 9 (HIGH)
Type: SQLi Vulnerability
CWE: 89
Product Name: Full Site for Restaurant
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Full Site for Restaurant SQL Injection Vulnerability

A SQL injection vulnerability was discovered in Full Site for Restaurant, an internal system for total administration of a restaurant site that is available in multiple languages. An attacker can inject malicious SQL code into the site's URL parameters and use it to gain access to sensitive information.

Mitigation:

Ensure that all user-supplied input is properly sanitized and validated before being used in any SQL queries.
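
The mitigation above, applied to the two parameters the raw advisory names (`lang` and `cat_id`), as an added PHP example that is not the vendor's code and not part of the original advisory. The table and column names, the language codes, the default language and all function names are assumptions, since the product's source and schema are not shown on this page.

```php
<?php
declare(strict_types=1);
// Hypothetical allow-list: codes for the seven languages the product description lists.
const SUPPORTED_LANGS = ['pt', 'es', 'en', 'ja', 'fr', 'it', 'de'];
const DEFAULT_LANG = 'pt'; // assumed default

function resolve_lang(?string $raw): string
{
    // Map `lang` onto a fixed set; unknown values fall back to the default.
    return in_array($raw, SUPPORTED_LANGS, true) ? $raw : DEFAULT_LANG;
}

function parse_cat_id(?string $raw): ?int
{
    // Accept only a positive decimal integer; anything else is rejected.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetch_extra_page(PDO $db, int $catId, string $lang): ?array
{
    // Placeholders keep request values out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT title, body FROM extra_pages WHERE cat_id = :cat_id AND lang = :lang'
    );
    $stmt->bindValue(':cat_id', $catId, PDO::PARAM_INT);
    $stmt->bindValue(':lang', $lang, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE extra_pages (cat_id INTEGER, lang TEXT, title TEXT, body TEXT)');
$db->exec("INSERT INTO extra_pages VALUES (1, 'en', 'About us', 'Opening hours')");

// Constructed request values: one well-formed pair, one malformed pair.
foreach ([['1', 'en'], ['12abc', 'xx']] as [$rawId, $rawLang]) {
    $catId = parse_cat_id($rawId);
    if ($catId === null) {
        echo "400 Bad Request: cat_id rejected\n";
        continue;
    }
    $page = fetch_extra_page($db, $catId, resolve_lang($rawLang));
    echo $page ? "200 {$page['title']}\n" : "404 Not Found\n";
}
```

Validation narrows what reaches the query, but the bound parameters are what prevent injection; the two are used together here rather than as alternatives.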

Exploit-DB raw data:

Vendor url: http://www.mformula.com.br/
Greetz to: Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer, d3c0d3r, KD and to
all ICW & AH members.
Spl Greetz to: inj3ct0r.com Team

#####################################################################################################################################################################################################

Description:

* Full Site for Restaurant SQL Injection Vulnerability *

Internal system for total administration of the site, Available site in the
languages Portuguese, Español, English, Japanese, French, Italian and
German, Unlimited Extra Pages and Sub Pages, Menu OnLine, Unlimited Gallery
of Photos

Code: PHP 5.0
#######################################################################################################################################################################################################

Vulnerability:

*SQLi Vulnerability

DEMO URL :

http://server/?lang=[sqli]

http://server/extrapage.php?cat_id=[sqli]

# 0day n0 m0re #

-- 
With R3gards,
L0rd CrusAd3r