Vendor: Point of Sales - Multi Outlets POS
By: Ihsan Sencan
CVSS: 8,8 HIGH
SQL Injection
CWE: 89
Product Name: Point of Sales - Multi Outlets POS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: a:prosoft-apps:point_of_sales_multi_outlets_pos
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017

Point of Sales – Multi Outlets POS v3.1 Script – SQL Injection

An attacker can exploit a SQL injection vulnerability in Point of Sales - Multi Outlets POS v3.1 Script by sending malicious SQL to the application through the id parameter of view_invoice. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials.

Mitigation:

Developers should always use parameterized queries, also known as prepared statements, when interacting with the database. This ensures that user-supplied input is bound as a data value rather than interpreted as part of the SQL statement.
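The mitigation above, as an added example that is not code from the product or from the original advisory: a lookup shaped like the view_invoice id request, written once with string concatenation and once with a bound parameter. It uses Python's sqlite3 module; the table, column and function names are assumptions, and the sample rows and inputs are constructed.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: invoices from two different outlets."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, outlet TEXT, total REAL)")
    db.executemany("INSERT INTO invoices VALUES (?, ?, ?)",
                   [(1, "outlet-a", 19.5), (2, "outlet-b", 250.0)])
    return db

def view_invoice_concat(db, raw_id):
    """'Before' form: the request value becomes part of the SQL text."""
    sql = "SELECT id, outlet, total FROM invoices WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def view_invoice_bound(db, raw_id, strict=True):
    """Hardened form: the value is bound as a parameter, never parsed as SQL."""
    if strict:
        # Defence in depth: an invoice id is a short run of ASCII digits.
        if not re.fullmatch(r"[0-9]{1,10}", raw_id):
            raise ValueError("invoice id must be numeric")
        raw_id = int(raw_id)
    return db.execute(
        "SELECT id, outlet, total FROM invoices WHERE id = ?", (raw_id,)
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    not_an_id = "1 OR 1=1"  # constructed input that is not a plain id
    # Concatenation lets the input change the WHERE clause.
    print("concatenated:", view_invoice_concat(db, not_an_id))
    # Binding alone keeps the same input as an inert value.
    print("bound only:  ", view_invoice_bound(db, not_an_id, strict=False))
    # Normal request through the strict path.
    print("bound+strict:", view_invoice_bound(db, "2"))
```

With strict left on, the non-numeric input is rejected before any query runs, which also gives the application a clean point to log the rejected request.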

Exploit-DB raw data:

# # # # # 
# Exploit Title: Point of Sales - Multi Outlets POS v3.1 Script - SQL Injection
# Google Dork: N/A
# Date: 08.02.2017
# Vendor Homepage: http://prosoft-apps.com/
# Software Buy: https://codecanyon.net/item/point-of-sales-multi-outlets-pos/17674742
# Demo: http://pos.prosoft-apps.com/pos/
# Version: N/A
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/view_invoice?id=[SQL]
# Etc...
# # # # #