header-logo
Suggest Exploit
vendor:
PDQ Script
by:
Red-D3v1L
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PDQ Script
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:pdqmedia:pdq_script
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

PDQ Script 1.0 <== [listingid] Remote SQL injection vulnerability

A remote SQL injection vulnerability exists in PDQ Script 1.0. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary SQL commands on the underlying database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

+===================================================================================+
            ./SEC-R1Z   _ __ _  _ _ _ ___ _ _ _ _   __  _ _ _ _ _            
            / /_ _ _ _ /   _ _\/   _ _ /\        \<   |/_ _ _ _ /  
            \ \_ _ _ _/  /___ /  /   __  |  |)   / |  |   /   /
             \_ _ _ _/  /___ /  /  | __ ||      /  |  |  /   /
              _______\  \_ _ \  \2_0_0_9 |      \  |  | /   /____ 
            /_ _ _ _ _\ _ _ _/\ _ _ _ /  |__|\ __\ |__|/_ _ _ _ _\ R.I.P MichaelJackson !!!!!
+===================================================================================+
|                                                                                                                                                
|                                                                                                                                                 
|         PDQ Script 1.0  <==  [listingid] Remote SQL injection vulnerability                                   
|                                                                                                                                                
+===================================================================================+
|                                                                                                                                          
| Author.: Red-D3v1L                                                                                                                
| HoMe : www.sec-r1z.com                                                         
|    ARAB ETHICAL HACKING, PENETRATION TESTING & WEB APPLICATION SECURITY SYSTEM  
+===================================================================================+
|                                                                                                                                             
| Script.: PDQ Script 1.0                                                                                                           
| Home...: http://www.pdqmedia.co.uk/                                                                                       
|                                                                                                                                                 
+-----------------------------------------------------------------------------------                                        
| [+] d0rk:  Powered by PDQ                                                                                                        
                                                                                                                                                   
| [+] Exploit:                                                                                                                               
|                                                                                                   http://server/path/travel_d_details.php?listingid=[1nj3ct c0dE]                                          
|                                                                                                                                            
| [+] Now you see All information Site :D                                         
|                                                                                 
| [+] Enjoy xD                                                                                  
+-----------------------------------------------------------------------------------
 
+===================================================================================+
|                                                                                  
| Greetz: All #sec-r1z memb3rz!!!!                                                 
|                                                                                   
+===================================================================================+
E0D|F