vendor:
K-Rate
by:
e.wiZz!
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: K-Rate
Affected Version From: K-Rate 1.0
Affected Version To: K-Rate 1.2
Patch Exists: Yes
Related CWE: CVE-2008-4456
CPE: a:turn-k.net:k-rate
Metasploit:
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1289/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0110/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1461/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-4456/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2008-4456/, https://www.rapid7.com/db/vulnerabilities/apple-osx-mysql-cve-2008-4456/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-4456/
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=60735, https://www.infosecmatter.com/nessus-plugin-library/?id=44635, https://www.infosecmatter.com/nessus-plugin-library/?id=41313, https://www.infosecmatter.com/nessus-plugin-library/?id=38642, https://www.infosecmatter.com/nessus-plugin-library/?id=36943, https://www.infosecmatter.com/nessus-plugin-library/?id=41421, https://www.infosecmatter.com/nessus-plugin-library/?id=57446, https://www.infosecmatter.com/nessus-plugin-library/?id=45372, https://www.infosecmatter.com/nessus-plugin-library/?id=42015, https://www.infosecmatter.com/nessus-plugin-library/?id=58325
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2008
K-Rate SQL Injection Vulnerability
SQL Injection in view.php,variable username. Anyway, all sites i saw which are powered by this script are hosted on Apache,and have a mod_rewrite enabled,so you need to try this: http://inthewild/view/admi'n.html You need to add .html at the end.
Mitigation:
The vulnerability can be mitigated by sanitizing user input and using prepared statements.
