vendor:
PEEL
by:
SuB-ZeRo
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PEEL
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
PEEL Remote SQL Injection Vulnerability
PEEL Remote SQL Injection Vulnerability is a vulnerability discovered by SuB-ZeRo in 2008. It affects the website http://www.peel.fr/ and the downloader http://www.script-masters.com/home/voir_script_php_mysql-146.html. The exploit is executed by sending a malicious request to the website in the form of http://[website]/[script]/lire/index.php?rubid=1+union+select+1,@@version,3-- or http://[website]/[script]/index.php?rubid=1+union+select+1,@@version,3--. A live demo of the exploit can be found at http://demo.peel.fr/lire/index.php?rubid=1+union+select+1,@@version,3--.
Mitigation:
Input validation and sanitization should be used to prevent SQL injection attacks.
