vendor:
Portail PHP
by:
xoron
5.5
CVSS
MEDIUM
SQL Injection
89
CWE
Product Name: Portail PHP
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Portail PHP v20 (index.php) Remote SQL Injection Exploit
This exploit allows an attacker to perform a remote SQL injection attack on the Portail PHP v20 index.php file. The script prompts the user to select a language and then asks for the victim's website URL, path, and user ID. It then attempts to connect to the website and perform the SQL injection attack to retrieve user information, specifically the hashed password. If successful, it displays the user ID and hashed password. If unsuccessful, it displays an error message.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize user input and use prepared statements or parameterized queries to prevent SQL injection attacks. Additionally, keeping software up to date with the latest security patches can help prevent exploitation of known vulnerabilities.