pGB 2.12 SQL Injection Vulnerability

vendor:

pGB

by:

3spi0n

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: pGB

Affected Version From: 2.12

Affected Version To: 2.12

Patch Exists: NO

Related CWE: N/A

CPE: a:powie.de:pGB:2.12

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: BackTrack 5, Win7 Ultimate

2012

pGB 2.12 SQL Injection Vulnerability

A SQL injection vulnerability exists in pGB 2.12. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: pGB 2.12 SQL Injection Vulnerability
# Date: 18/01/2012 - 03.52
# Author: 3spi0n
# Software Website: http://www.powie.de/
# Tested On: BackTrack 5 - Win7 Ultimate
# Platform: Php
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[$] Vulnerable File:

[~] kommentar.php

[$] Demo Sites:

[~] http://server/kommentar.php?id=117'
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

# Dar bi Koridor Benimki, Kendimi Aradigim.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

# Contact: Twitter.Com/RigidusCO - Facebook.Com/3spi0ne

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

- Mr.PaPaRoSSe And 3spi0n -

Bug Researcher Group - TURKEY

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>