header-logo
Suggest Exploit
vendor:
Hostwq.net
by:
Dazz

Powered by Search Optics Automotive Internet Marketing

The vulnerability exists due to insufficient filtration of user-supplied data in the "viewID" parameter in the "inventory.php" script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application database. This can be exploited to bypass authentication and gain access to the application.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

By: Dazz 
Email: Dazz.band (at) hotmail (dot) com [email concealed] 

================================================ 

Script :
 
Powered by Search Optics 
Automotive Internet Marketing 

example:

http://www.example.com/inventory.php?t=N&viewID=3665819[SQL]

================================================ 

WebSite :
http://wwe.hostwq.net