iMoveis SQL Injection Vulnerability

vendor:

iMoveis

by:

EraGoN

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: iMoveis

Affected Version From: 1.1

Affected Version To: 1.1

Patch Exists: NO

Related CWE: N/A

CPE: a:imoveis:imoveis:1.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux / Windows XP

2010

iMoveis SQL Injection Vulnerability

A SQL injection vulnerability exists in the iMoveis software, which allows an attacker to inject malicious SQL queries into the application. The vulnerability is triggered when an attacker sends a specially crafted HTTP request containing malicious SQL queries to the vulnerable application. This can result in the execution of arbitrary SQL commands on the underlying database, allowing the attacker to gain unauthorized access to sensitive data.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title : iMoveis SQL Injection Vulnerability
# Date : 26/10/2010
# Author : EraGoN
# Software link : http://baixar7.com/download/acc-imoveis-script-php.rar/3d1e7bf4b9
# Version : 1.1
# Tested on : Linux / Windows XP


# Dork :

inurl:imoveis.php?id=

#Error

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server

version for the right syntax to use near '20'' at line 1

#Vuln :

http://www.site.org/imoveis.php?id=20


**Proud to be Muslim
**Proud to be Albanian
**www.eragon.ws

Contact : eragon@legends.ag


[ Special Thanks : KuBaNeZi , DJ-DUKLI , The|Denny` , Loock3D , BaDBoY ]
[ Visit / Greetz : ALBANIAN-LEGENDS.COM Members - www.eragon.ws - www.uah1.org.uk ]