Vendor: I-Net Enquiry Management
By: D4rk357 D4rk357[at]yahoo][dot]in
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: I-Net Enquiry Management
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

I-net Enquiry management Script SQL Injection Vulnerability

The I-net Enquiry Management script has a SQL injection vulnerability. An attacker can exploit it by sending malicious SQL queries to the application through the 'id' parameter of the 'viewaddedenquiry.php' page.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
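
The mitigation above, as an added example (not the vendor's code and not part of the original advisory): a concatenated query beside a validated one for an `id` request parameter, going one step beyond the text by also binding the value as a parameter. The `enquiry` table, its columns and both function names are assumptions, and in-memory SQLite stands in for the MySQL backend so the script runs offline.

```php
<?php
// Added example, not the vendor's code. Table, columns and function names are assumed.
// In-memory SQLite stands in for MySQL; the PDO calls are the same with a mysql: DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE enquiry (id INTEGER PRIMARY KEY, customer TEXT, message TEXT)');
$pdo->exec("INSERT INTO enquiry (customer, message) VALUES
    ('Alice', 'Quote for 10 licences'), ('Bob', 'Support contract renewal')");

// Vulnerable pattern: the request value is concatenated into the SQL text, so the
// database parses whatever the client sent as part of the statement.
function viewEnquiryUnsafe(PDO $pdo, string $id): array
{
    return $pdo->query("SELECT id, customer, message FROM enquiry WHERE id = $id")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: strict integer validation, then a bound parameter so the
// value can never change the structure of the statement.
function viewEnquirySafe(PDO $pdo, string $id): array
{
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return [];   // reject: the caller should answer 400 and log the request
    }
    $stmt = $pdo->prepare('SELECT id, customer, message FROM enquiry WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one legitimate id, one that carries SQL syntax.
foreach (['2', '2 OR 1=1'] as $id) {
    printf("id=%-12s unsafe rows=%d  safe rows=%d\n", "'$id'",
        count(viewEnquiryUnsafe($pdo, $id)), count(viewEnquirySafe($pdo, $id)));
}
```

A row count from the unsafe function that exceeds one for a single-record lookup is the signal that the input altered the query rather than being treated as data.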

Exploit-DB raw data:

Name : I-net Enquiry management  Script SQL Injection Vulnerability
Date : July 13, 2010
Critical Level     : HIGH
Vendor Url : http://www.i-netsolution.com/
Author : D4rk357 D4rk357[at]yahoo][dot]in
special thanks to : b0nd, Fbih2s,rockey killer,The empty(), punter,eberly,prashant
greetz to :http://www.garage4hackers.com/forum.php , h4ck3r.in and  all ICW members
#####################################################################################
Description :I-Net Enquiry Management This application is boon for people finding
difficulties in managing their Incoming Enquiries from various sources and their replies to them.
 Enquires are the source of Growing business in any areas of life. Be it a small business
or a Big enterprise, effective handling of the generated enquires leads to new business 
and New sales. Our Research shows that there is a huge market / need for such application 
which can manage the business enquires and handle them effectively. Companies are making 
huge losses as their enquires go unattended or not properly responded. Our IEM takes care 
of the complete requirement and provides Total solution for such need from any quarter of 
business segment. The specifications are as under: The enquiry management system is a web 
based application using latest PHP technologies and MYSQL database.  
########################################################################
Exploit:SQLi Injection
 I-net Enquiry management  Script has sql injection vulnerability 

DEMO URL :http://<server>/Products/order_management/viewaddedenquiry.php?id=[SQli]

###############################################
#When you really want something the whole universe conspires for you to achieve it :Paulo Coelho
#D4rk357