ProWeb Design SQL Injection Vulnerability

vendor:

ProWeb Design

by:

cyberlog

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: ProWeb Design

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

ProWeb Design SQL Injection Vulnerability

ProWeb Design is vulnerable to SQL Injection. The vulnerability can be exploited by sending malicious SQL queries to the vulnerable application. The vulnerable parameters are template_event.html?pageid=, template_home.pweb?pageid=, main_segment.html?subid= and main_segment.html?id=. An attacker can exploit this vulnerability to gain access to the database and execute malicious code.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

               __                  __               
 .----..--.--.|  |--..-----..----.|  |.-----..-----.
 |  __||  |  ||  _  ||  -__||   _||  ||  _  ||  _  |
 |____||___  ||_____||_____||__|  |__||_____||___  |
       |_____|                               |_____|

####################################################
# ProWeb Design SQL Injection Vulnerability
####################################################
# Vendor: http://www.prowebassociates.com/
# Discovered by : cyberlog
# Site          : Sekuritionline.net
# Channel       : #SekuritiOnline [ Now Just My Bot ] :P
# Dork          : "Site designed and built by ProWeb Associates." 
		  inurl: template_event.html?pageid=
		  inurl: template_home.pweb?pageid=
		  inurl: main_segment.html?subid=
		  inurl: main_segment.html?id=
# Exploit       : [site]/template_event.html?pageid=[SQL Injection]
		  [site]/template_home.pweb?pageid= [SQL Injection]
		  [site]/main_segment.html?subid= [SQL Injection]
	  	  [site]/main_segment.html?id= [SQL Injection]

# Thanks        : r0073r,adhietslank, k1n9k0ng, cr4wl3r,cah_gemblunkz,
                  jayoes,thesims,setiawan,irvian,EA_Angel,BlueSpy,SoEy,A-technique,Jantap,KiLL,blindboy,sukam,
                  SarifJedul,wiro gendeng,Letjen,ridho_bugs,Ryan Kabrutz,Mathews, aurel666,
# special to Mama Sri Rahayu, Member& Staff Sekuritonline, C0li a.k.a antisecurity [ pinjem script perl-na ] :), 
# Inj3ct0r Now Brothers with Sekuritionline
                
####################################################

# Demo: 
# http://localhost/template_event.html?pageid=

####################################################

We never die !!!! indonesian Underground Community
!!!!! anjing buat oknum Pemerintah yang suka nilep uang rakyat !!!
!!!!! anjing juga buat admin site indon3sia yang merasa sok h3bat, dikasih tahu ada hole malah nyolot !!!!!

KacrUt I L0v3 U :P
Give me NOCAN Brothers :P
am nt hacker just Lik3 Syst3m S3curity



                __                  __  __    __                __  __               
 .-----..-----.|  |--..--.--..----.|__||  |_ |__|.-----..-----.|  ||__|.-----..-----.
 |__ --||  -__||    < |  |  ||   _||  ||   _||  ||  _  ||     ||  ||  ||     ||  -__|
 |_____||_____||__|__||_____||__|  |__||____||__||_____||__|__||__||__||__|__||_____|