Jurpopage SQL Injection

vendor:

Jurpopage

by:

Sudden_death

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Jurpopage

Affected Version From: 0.2.0

Affected Version To: 0.2.0

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP 2 SP 2

2010

An attacker can inject malicious SQL queries into the vulnerable parameter 'category' of the Jurpopage 0.2.0 software. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

=========================================================
Jurpopage SQL Injection
=========================================================

# Exploit Title     : Jurpopage SQL Injection
# Date              : 24 Noveber 2010
# Author            : Sudden_death (suddendeath404@yahoo.com)
# Platform/Tested on: Windows XP 2 SP 2
# myweb             : http://sudden.isgreat.org
# Version			: Jurpopage 0.2.0
# Software Link:    : http://jurpo.com/?category=100
# dork              : your imagination
======================================================================

# vuln here

SQLi : http://127.0.0.1/path/category=[sqli] 
ex : parameter : category= or etc.

[#]-------------------------------------------------------------------

Spesial thanks to all admin, all staff and all crews..... (takut ada yg ngerasa 
di anak tirikan karena ga tersebut nicknya)

[#]-------------------------------------------------------------------
note : jangan mengatakan setiap apa yang engkau ketahui tapi ketahuilah setiap 
apa yang kau katakan!