Vendor: Oto Galery
By: DeadLy DeMon
CVSS: 8,8 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Oto Galery
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:iskenderaltuntas:oto_galery:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP 3 and Backtrack4
2010

Oto Galery v1.0 Multiple SQL injection Vulnerabilities

Oto Galery v1.0 contains multiple SQL injection vulnerabilities. The vulnerable parameters are 'arac' in carsdetail.asp and 'marka' in twohandscars.asp. An attacker can exploit these vulnerabilities to gain unauthorized access to the application and its underlying database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
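
The mitigation above, as an added example in Python with sqlite3 (not code from the original page or from the vendor): each of the two parameters the advisory names is checked against an allow-list and then passed as a bound parameter, next to the concatenating form for contrast. The `cars` table, its columns, and the types assumed for `arac` (numeric id) and `marka` (brand name) are assumptions, since the page does not show the application's schema.

```python
import re
import sqlite3

# Assumptions (not from the page): `arac` is a numeric vehicle id, `marka` is a
# brand name, and the `cars` table with its columns is hypothetical.
ARAC_RE = re.compile(r"[0-9]{1,9}")
MARKA_RE = re.compile(r"[A-Za-z0-9 .\-]{1,32}")


def build_demo_db():
    """Constructed in-memory data standing in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cars (id INTEGER PRIMARY KEY, marka TEXT, model TEXT)")
    db.executemany(
        "INSERT INTO cars VALUES (?, ?, ?)",
        [(1, "Fiat", "Linea"), (2, "Renault", "Clio"), (3, "Fiat", "Punto")],
    )
    return db


def car_detail_concat(db, arac):
    """'Before' form: the request value becomes part of the SQL text."""
    return db.execute("SELECT id, marka, model FROM cars WHERE id = " + arac).fetchall()


def car_detail(db, arac):
    """carsdetail lookup: allow-list check, then a bound parameter."""
    if not ARAC_RE.fullmatch(arac or ""):
        raise ValueError("arac must be a decimal integer")
    return db.execute(
        "SELECT id, marka, model FROM cars WHERE id = ?", (int(arac),)
    ).fetchall()


def cars_by_brand(db, marka):
    """twohandscars lookup: allow-list check, then a bound parameter."""
    if not MARKA_RE.fullmatch(marka or ""):
        raise ValueError("marka contains characters outside the allow-list")
    return db.execute(
        "SELECT id, marka, model FROM cars WHERE marka = ? ORDER BY id", (marka,)
    ).fetchall()


if __name__ == "__main__":
    db = build_demo_db()
    print(car_detail_concat(db, "1 OR 1=1"))  # constructed input; WHERE clause is rewritten
    print(car_detail(db, "2"))
    print(cars_by_brand(db, "Fiat"))
```

The bound parameter is what keeps the value out of the SQL text; the allow-list is a second layer that rejects malformed requests early and gives a clean point to log them.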
Source

Exploit-DB raw data:

+Name : Oto Galery v1.0  <<= Multiple SQL injection Vulnerabilities
+Author : DeadLy DeMon
+Date : 18.12.2010
+Script : Oto Galery v1.0
+Vendor : http://www.iskenderaltuntas.com
+Price : 1000 TL
+Language : PHP
+Tests : Windows XP SP 3 and Backtrack4 any other OS
+Discovered by DeadLy DeMon
+ Cyber - Warrior TIM =>> *www.cyber-warrior.org*
+Greetz to All System-Hacker, BlackApple , F0RTYS3V3N , HUNT3R , Şair-ul Cihad and All KinqSqlZCrew Members
---------------------------------------------------------------------------------------

Is there anyone among you who knows me?
I am the secret that cannot be solved without being lived.
Even though no one remains who has not heard of my fame,
My identity is hard to describe..
                                    We come to your mind, and you lose your mind...
KinqSqlZ Crew flows...
----------------------------------------------------------------------------------------

Bug ;
carsdetail.asp?arac=[Sql Inj.]
twohandscars.asp?marka=[Sql Inj.]

---------------------------------------------------------------------------------------