Limelight Software Ltd (article.php) Sql Injection Vulnerability

vendor:

article.php

by:

eXeSoul

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: article.php

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows/Linux

2011

Limelight Software Ltd (article.php) Sql Injection Vulnerability

A SQL injection vulnerability exists in Limelight Software Ltd's article.php page, which allows an attacker to inject malicious SQL queries into the application. This can be exploited to manipulate the application's database and gain access to sensitive information. The vulnerability is present when user-supplied input is not properly sanitized before being used in an SQL query.

Mitigation:

Input validation and proper sanitization of user-supplied input should be implemented to prevent SQL injection attacks.

Source

Exploit-DB raw data:

© Limelight Software Ltd (article.php) Sql Injection Vulnerability

####################################################################
.:. Author         : eXeSoul 
.:. Contact        : exe.soul@live.com
.:. Date           : 04-03-2011
.:. category       : Web Apps [SQli]
.:. HomePage       : www.indishell.in
.:. Tested on      : windows/linux
.:. Vulnerability  : PHP [ Sql Injection Vunerability ]
.:. Vendor         : www.limelight-software.com
.:. VCE            : ()
.:. Dork           : "© Limelight Software Ltd"
.:.
.:.
####################################################################

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
<3 Love: -[SiLeNtp0is0n]-, stRaNgEr(lucky), inX_rOot, NEO H4cK3R, DarkL00k, Th3 RDX, G00g!3 W@rr!0r, Nazz ,
r45c4l, str1k3r, co0Lt04d , ATUL DWIVEDI , Jackh4xor , Bon3 ,Badboy-Albinia, Mr.SK , I-H Guru,
X__HMG, AK-47, [ICW] [Andhra Hackers], Ethical N00b,[Indishell crew]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  
  
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                           ......\m/ INDIAN CYBER ARMY \m/......
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 
Vulnerability:
   
*SQL injection Vulnerability*


[+]http://site.com/article.php?id='59
[+]http://site.com/article.php?id=[SQLi]

=> PROUD TO BE AN INDIAN | Anythning for INDIA | JAI-HIND | Maa Tujhe Salam
    
=> c0d3 for motherland, h4ck for motherland
   
  
       
     Enj0y! :D
  
  
[#] DOne now time to rock \m/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# JAY HIND.!! JAY SHREE RAM.!! JAY SHREE KRISHANA.!! JAY MAHADEV.!!
 
# eXploit-db.com [04-03-2011]
   
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
   
finish(0);