header-logo
Suggest Exploit
vendor:
Body Builder
by:
SecurityFocus
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Body Builder
Affected Version From: Not Specified
Affected Version To: Not Specified
Patch Exists: YES
Related CWE: CVE-2002-1390
CPE: a:ruslan_communications:body_builder
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Not Specified
2002

Ruslan Communications Builder SQL Injection Vulnerability

Ruslan Communications <Body>Builder is vulnerable to SQL injection attacks due to insufficient input validation. A malicious user can supply special characters in the login password field to modify the SQL query used to validate the user, allowing for access to the administrative interface.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5008/info

Ruslan Communications <Body>Builder is a tool designed to assist a user in creating a website. It allows for remote administration through a web interface, and is implemented in Java.

Reportedly, user input supplied as the login password is not adequately filtered. A malicious user may include special characters in the supplied password and modify the SQL query used to validate the user. Access to the administrative interface is possible. 

Use login='-- and pass='--

Navigation

Suggest Exploit

Services By CQR