MHP DownloadScript v2.2 - exploit.company

vendor:

MHP DownloadScript

by:

DeadLy DeMon

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: MHP DownloadScript

Affected Version From: MHP DownloadScript v2.2

Affected Version To: MHP DownloadScript v2.2

Patch Exists: No

Related CWE: N/A

CPE: cpe:a:mhproducts:mhp_downloadscript:2.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP 3 and Backtrack4

2010

MHP DownloadScript v2.2 <<= SQL injection Vulnerability

MHP DownloadScript v2.2 is vulnerable to SQL injection. An attacker can inject malicious SQL queries to the vulnerable parameter in the admin login page. This can be exploited to bypass authentication, access, modify or delete data from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

Name : MHP DownloadScript v2.2 <<= SQL injection Vulnerability

+Autor : DeadLy DeMon
+Date : 18.12.2010
+Script : MHP DownloadScript v2.2
+Download : ----
+Site : http://www.mhproducts.de/php-scripte-5/tools-dienste/download-center.html
+Dork : Not Dork
+Price : 4,99 EURO
+Language : PHP
+Tests : Windows XP SP 3 and Backtrack4 any other OS
+Discovered by DeadLy DeMon
+ Cyber - Warrir TIM =>> www.Cyber-warrior.org
+Greetz to All KinqSqlZ Crew

---------------------------------------------------------------------------------------
DeadLy DeMon ,System-Hacker , BlackApple , HeroTurk , F0RTYS3V3N ,
JackTheRipper , Sadrazam and All KinqSqlZCrew Member

Aklınıza Geliriz , Aklınız
Gider..                                               KinqSqlZ Crew Akar...

----------------------------------------------------------------------------------------
Bug ;

*target/path/downloadcenter/admin/
*
*name : '

pass : '*