vendor: getInternet
by:
CVSS: 7.5 HIGH
SQL Injection
CWE: 89
Product Name: getInternet
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

getInternet SQL Injection Vulnerabilities

Multiple remote SQL injection vulnerabilities exist in the 'welcome.asp', 'checklogin.asp', and 'lostpassword.asp' scripts of getInternet. These vulnerabilities occur due to the application's failure to properly validate user-supplied input before using it in SQL queries. An attacker can exploit these vulnerabilities to manipulate and inject SQL queries into the database, potentially stealing sensitive information and launching further attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input validation and parameterized queries to prevent SQL injection attacks. Additionally, the use of least privilege principles and regular security assessments can help identify and address potential security flaws.
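
An added example (not from the advisory or from getInternet's code) of the validation and parameterized-query pattern recommended above, applied to the `id`, `category` and `search` parameters of 'welcome.asp'. It is written in Python with sqlite3 so it runs stand-alone; the schema, rows and function names are constructed for illustration, and in the product's ASP scripts the same binding would be done through the database driver's parameter objects.

```python
import re
import sqlite3

# Constructed schema and rows; getInternet's real tables are not shown on the page.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE content (id INTEGER PRIMARY KEY, category TEXT, title TEXT);
        INSERT INTO content VALUES (1, 'news', 'Launch notes'),
                                   (2, 'news', 'O''Brien interview'),
                                   (3, 'internal', 'Admin handbook');
    """)
    return db

CATEGORY_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")

def parse_id(raw):
    """Allow-list validation: 'id' must be a short run of ASCII digits."""
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,9}", raw):
        raise ValueError("id must be a positive integer")
    return int(raw)

def parse_category(raw):
    """Allow-list validation: category names are short alphanumeric slugs (assumed)."""
    if not isinstance(raw, str) or not CATEGORY_RE.fullmatch(raw):
        raise ValueError("category contains unexpected characters")
    return raw

def content_display(db, raw_id, raw_category):
    """Validate first, then bind: request values never become part of the SQL text."""
    sql = "SELECT id, title FROM content WHERE id = ? AND category = ?"
    return db.execute(sql, (parse_id(raw_id), parse_category(raw_category))).fetchall()

def content_search(db, raw_search):
    """Free text cannot be allow-listed, so parameter binding is the control here.
    LIKE wildcards are escaped so the term is matched literally."""
    if not isinstance(raw_search, str) or len(raw_search) > 100:
        raise ValueError("search term too long")
    term = raw_search.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT id, title FROM content WHERE category = 'news' "
           "AND title LIKE ? ESCAPE '\\' ORDER BY id")
    return db.execute(sql, (f"%{term}%",)).fetchall()
```

A quote in the search term is handled as data, so a legitimate value such as `O'Brien` still matches, while anything that is not a plain integer in `id` is rejected before the database is touched.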
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11150/info

getInternet is vulnerable to multiple remote SQL injection vulnerabilities in the 'welcome.asp', 'checklogin.asp', and 'lostpassword.asp' scripts. These issues are due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. 

An attacker may exploit these issues to manipulate and inject SQL queries into the underlying database. It is possible to leverage this issue to steal database contents, including administrator password hashes and user credentials, as well as to launch attacks against the underlying database.

The following proof of concept examples are available:
/welcome.asp?page=content_search.asp&search=[SQL]

/welcome.asp?page=content_display.asp&id=[SQL]&category=[SQL]

/welcome.asp?page=category_display.asp&category=[SQL]

/welcome.asp?page=contact_form.asp&id=[SQL]

/checklogin.asp
username: [SQL]
password: [SQL]

/lostpassword.asp
Name: [SQL]
Surname: [SQL]
ID Number: [SQL]