header-logo
Suggest Exploit
vendor:
Parodia
by:
Carlos Mario Penagos Hollmann
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Parodia
Affected Version From: 6.8
Affected Version To: 6.8
Patch Exists: YES
Related CWE: CVE-2011-2751
CPE: parodia
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2012

Parodia 6.8 and early SQL injection

Parodia 6.8 and earlier versions are vulnerable to SQL injection. An attacker can inject malicious SQL queries via the AG_ID parameter in the agencyprofile.asp and employer-profile.asp scripts. This can allow an attacker to gain access to sensitive information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Parameterized queries should be used to prevent SQL injection.
Source

Exploit-DB raw data:

# Exploit Title: Parodia 6.8 and early SQL injection
# Date: June 24 2012
# Exploit Author:Carlos Mario Penagos Hollmann
# Vendor Homepage: http://www.parodia.net/
# Version: 6.8
# CVE : CVE-2011-2751



http://server/' ---> blind SQL

http://server/agencyprofile.asp?AG_ID='
http://server/employer-profile.asp?ag_id='

There are other SQL Blind  injections ;)

Navigation

Suggest Exploit

Services By CQR