Powder Blue Desaign SQL Injection Vulnerability

vendor:

Powder Blue Desaign

by:

cyberlog

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Powder Blue Desaign

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Powder Blue Desaign SQL Injection Vulnerability

The vulnerability exists due to insufficient filtration of user-supplied data passed via the 'id_page' parameter to the '/index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. This can be exploited to bypass authentication, gain access to sensitive data, modify data, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks. It is recommended to use parameterized queries (prepared statements) when working with databases.

Source

Exploit-DB raw data:

               __                  __               
 .----..--.--.|  |--..-----..----.|  |.-----..-----.
 |  __||  |  ||  _  ||  -__||   _||  ||  _  ||  _  |
 |____||___  ||_____||_____||__|  |__||_____||___  |
       |_____|                               |_____|

####################################################
# Powder Blue Desaign SQL Injection Vulnerability
####################################################
# Vendor: http://www.powder-blue.com/
# Discovered by : cyberlog
# Site          : Sekuritionline.net
# Channel       : #SekuritiOnline [ Now Just My Bot ] :P
# Dork          : "Site designed and built by Powder Blue." inurl:index.php?id_page=
# Exploit       : [site]/index.php?id_page=[SQL Injection]
# Thanks        : r0073r,adhietslank, k1n9k0ng, cr4wl3r,cah_gemblunkz,
                  jayoes,thesims,setiawan,irvian,EA_Angel,BlueSpy,SoEy,A-technique,Jantap,KiLL,
                  SarifJedul,wiro gendeng,Letjen,ridho_bugs,Ryan Kabrutz,Mathews.
# special to Mama Sri Rahayu, Member& Staff Sekuritonline, C0li a.k.a antisecurity [ pinjem script perl-na ] :), 
# Inj3ct0r Now Brothers with Sekuritionline
                
####################################################
# Demo: 
# http://[site]/index.php?id_page=5
# http://[site]/index.php?id_page=1
# http://[site]/index.php?id_page=14       
####################################################

We never die !!!! indonesian Underground Community
!!!!! anjing buat oknum Pemerintah yang suka nilep uang rakyat !!!
!!!!! anjing juga buat admin site indon3sia yang merasa sok h3bat, dikasih tahu ada hole malah nyolot !!!!!

KacrUt I L0v3 U :P
Give me NOCAN Brothers :P
am nt hacker just Lik3 Syst3m S3curity



                __                  __  __    __                __  __               
 .-----..-----.|  |--..--.--..----.|__||  |_ |__|.-----..-----.|  ||__|.-----..-----.
 |__ --||  -__||    < |  |  ||   _||  ||   _||  ||  _  ||     ||  ||  ||     ||  -__|
 |_____||_____||__|__||_____||__|  |__||____||__||_____||__|__||__||__||__|__||_____|