Portal ModulNet - exploit.company

vendor:

Portal ModulNet

by:

./Red-D3v1L

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: Portal ModulNet

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: portalmodulnet.com

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Portal ModulNet <== 1.0 (Id) SQL Injection Vulnerability

An attacker can exploit this vulnerability by injecting malicious SQL code into the 'id' parameter of the 'firmapage.php' script. This can allow the attacker to access, modify, or delete data from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

+===================================================================================+
            ./SEC-R1Z   _ __ _  _ _ _ ___ _ _ _ _   __  _ _ _ _ _           
            / /_ _ _ _ /   _ _\/   _ _ /\        \<   |/_ _ _ _ / 
            \ \_ _ _ _/  /___ /  /   __  |  |)   / |  |   /   /
             \_ _ _ _/  /___ /  /  | __ ||      /  |  |  /   /
              _______\  \_ _ \  \2_0_0_9 |      \  |  | /   /____
            /_ _ _ _ _\ _ _ _/\ _ _ _ /  |__|\ __\ |__|/_ _ _ _ _\ R.I.P MichaelJackson !!!!!
+===================================================================================+

    [?] ~ Note : sEc-r1z CrEw# r0x !
==============================================================================
    [?] Portal ModulNet <== 1.0 (Id) SQL Injection Vulnerability
==============================================================================
    [?] My home:              [ http://sec-r1z.com ]
    [?] Script:               [ Portal ModulNet 1.0 ]
    [?] Language:             [ PHP ]
    [?] Vendor                [http://portalmodulnet.com/]
    [?] Founder:              [ ./Red-D3v1L ]
    [?] Gr44tz to:            [ sec-r1z# Crew - Hackteach Team - My L0ve ~A~ ]
    [?] Fuck To :             [ Zombie_KsA << big big big L4m3r ] 
########################################################################
  
===[ Exploit SQL ]===
  
[»]SQL : [Path]/firmapage.php?id==[inj3ct C0dE]
 

==============================================================================

#sEc-r1z.com Str1kEz y0u !