header-logo
Suggest Exploit
vendor:
Online Community
by:
JaMbA
9
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: Online Community
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2020

iNet Online Community Blind SQLi Vulnerability

A Blind SQL Injection vulnerability exists in iNet Online Community, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'profile_social.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information stored in the database, such as user credentials, or even full system compromise.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized before being used in database queries.
Source

Exploit-DB raw data:

# Exploit Title: iNet Online Community Blind SQLi Vulnerability
# Author: JaMbA
# Script url: http://www.i-netsolution.com/online-community-php-scripts.html
# Tested on: Windows

=================Exploit==================

[ EXPL0!T ]

http://server/path/profile_social.php?id=[BSQLi]

===========================================================

Greetz to : Alnjm33-virus-pal -g3n1ux - Predator-Ahmadso - xXx-jago-dz
-injecteur-4PY-SaYrOs- XR57 -Tr0y-x -alsaek
And All Tunisian hacker

=== SwT Labs ====

Navigation

Suggest Exploit

Services By CQR