header-logo
Suggest Exploit
vendor:
MyMarket
by:
ahmadso
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: MyMarket
Affected Version From: 1.71
Affected Version To: 1.71
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2
2011

MyMarket version 1.71(index.php) sql Injection

MyMarket version 1.71 is vulnerable to SQL Injection. An attacker can inject malicious SQL codes into the 'id' parameter of the 'index.php' page of the application. This can be exploited to gain access to the database and potentially gain access to sensitive information.

Mitigation:

Input validation should be used to prevent SQL Injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

# Exploit Title: MyMarket version 1.71(index.php) sql Injection
# Google Dork: allinurl:mymarket/shopping/index.php
# Date: 7-2-2011
# Author: ahmadso
# Version: 1.71
# Tested on: win xp sp2
====================================================
# http://www.site.com/mymarket/shopping/index.php?id= [SQL Codes]
====================================================

Navigation

Suggest Exploit

Services By CQR