header-logo
Suggest Exploit
vendor:
Itech News Portal Script
by:
Ihsan Sencan
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Itech News Portal Script
Affected Version From: 6.28
Affected Version To: 6.28
Patch Exists: NO
Related CWE: N/A
CPE: a:itechscripts:itech_news_portal_script:6.28
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017

Itech News Portal Script v6.28 – ‘sc’ Parameter SQL Injection

A vulnerability exists in Itech News Portal Script v6.28, which allows an attacker to inject arbitrary SQL commands via the 'sc' parameter in the subcategory.php file. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Sanitize all user input and escape special characters.
Source

Exploit-DB raw data:

# # # # # 
# Exploit Title: Itech News Portal Script v6.28 - 'sc' Parameter SQL Injection
# Google Dork: N/A
# Date: 02.02.2017
# Vendor Homepage: http://itechscripts.com/
# Software Buy: http://itechscripts.com/news-portal-script/
# Demo: http://news-portal.itechscripts.com/
# Version: 6.28
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/subcategory.php?sc=[SQL]
# E.t.c.
# # # # #

Navigation

Suggest Exploit

Services By CQR