Vendor: L-Forum
By: SecurityFocus
CVSS: 4.3 (MEDIUM)
CWE: 89 (SQL Injection)
Product Name: L-Forum
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
L-Forum SQL Injection Vulnerability
L-Forum is vulnerable to SQL injection attacks. The vulnerability lies in the file 'search.php', which does not properly sanitize user input supplied in the search parameter. SQL code may be inserted into requests and executed by the database server.
Postgres: http://localhost/search.php?search=a%27%20order%20by%20time%20desc%3b%20[query]
MySQL: http://localhost/search.php?search=a%25%27%20order%20by%20time%20desc%3b%20[query]
Mitigation:
Input validation should be used to ensure that user-supplied data is not used to construct SQL queries.
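
The mitigation above, as an added example that is not L-Forum's own search.php code: it contrasts a search query built by string concatenation with one that binds the search term as a parameter and escapes LIKE wildcards. Python's sqlite3 stands in for the Postgres/MySQL back ends, and the posts table, its rows and all function names are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; this schema is an assumption, not L-Forum's.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (subject TEXT, time INTEGER)")
    conn.executemany("INSERT INTO posts VALUES (?, ?)",
                     [("a first post", 1), ("100% uptime", 2), ("banana", 3)])
    return conn

def build_concatenated(term):
    # The flawed pattern: the search value becomes part of the SQL text.
    return ("SELECT subject FROM posts WHERE subject LIKE '%" + term +
            "%' ORDER BY time DESC")

def concatenated_stays_one_statement(conn, term):
    # sqlite3's execute() rejects text holding more than one statement, so a
    # failure here means the input was parsed as SQL rather than as data.
    try:
        conn.execute(build_concatenated(term)).fetchall()
        return True
    except (sqlite3.Error, sqlite3.Warning):
        return False

def escape_like(term):
    # Make the escape character, % and _ literal inside a LIKE pattern.
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def search_bound(conn, term):
    # Fixed SQL text; the term is a bound parameter and is never parsed as SQL.
    sql = ("SELECT subject FROM posts WHERE subject LIKE ? ESCAPE '\\' "
           "ORDER BY time DESC")
    pattern = "%" + escape_like(term) + "%"
    return [row[0] for row in conn.execute(sql, (pattern,))]

# URL-decoded Postgres search value from the advisory; a harmless SELECT 1
# stands in for the [query] placeholder.
PAYLOAD = "a' order by time desc; SELECT 1"

if __name__ == "__main__":
    db = make_db()
    print(concatenated_stays_one_statement(db, "a"))      # ordinary term
    print(concatenated_stays_one_statement(db, PAYLOAD))  # quote ends the literal
    print(search_bound(db, PAYLOAD))                      # treated as plain text
    print(search_bound(db, "100%"))                       # % matched literally
```

With the bound form the quote and semicolon in the search value are only characters to match, so the same request returns an empty result instead of altering the statement.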