header-logo
Suggest Exploit
vendor:
phpRAINCHECK
by:
cr4wl3r
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: phpRAINCHECK
Affected Version From: 1.0.1
Affected Version To: 1.0.1
Patch Exists: YES
Related CWE: N/A
CPE: a:phpraincheck:phpraincheck
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

phpRAINCHECK <= 1.0.1 SQL Injection Vulnerability

A vulnerability exists in phpRAINCHECK version 1.0.1 and earlier which allows an attacker to inject arbitrary SQL commands. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the 'id' parameter in the 'print_raincheck.php' script.

Mitigation:

Upgrade to the latest version of phpRAINCHECK
Source

Exploit-DB raw data:

##############################################################
##phpRAINCHECK <= 1.0.1 SQL Injection Vulnerability
##############################################################
Author: cr4wl3r <cr4wl3r\x40linuxmail\x2Eorg>
Download: http://sourceforge.net/projects/phpraincheck/files/
##############################################################
PoC:
 [phpRAINCHECK_path]/print_raincheck.php?id=[SQL]
##############################################################

Navigation

Suggest Exploit

Services By CQR