SchuldnerBeratung (Login) SQL injection Vulnerability

vendor:

SchuldnerBeratung

by:

DeadLy DeMon

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: SchuldnerBeratung

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows XP SP3, Backtrack4

2010

SchuldnerBeratung (Login) SQL injection Vulnerability

This vulnerability allows an attacker to inject SQL queries into the login form, potentially gaining unauthorized access to the system. The vulnerability was discovered by DeadLy DeMon.

Mitigation:

To mitigate this vulnerability, the application should use parameterized queries or prepared statements to sanitize user input and prevent SQL injection attacks. Regular security updates and patches should also be applied to the application to address any known vulnerabilities.

Source

Exploit-DB raw data:

+Name : SchuldnerBeratung ( Login) SQL injection Vulnerability
+Autor : DeadLy DeMon
+Date : 18.12.2010
+Script : SchuldnerBeratung
+Site : http://www.mhproducts.de/catalogsearch/result/?q=Schuldnerprojekt
+Download : ----
+Dork : Not Dork
+Price : 8,99 EURO
+Language : PHP
+Tests : Windows XP SP 3 and Backtrack4 any other OS
+Discovered by DeadLy DeMon
+ Cyber - Warrir TIM =>> www.cyber-warrior.org
+Greetz to All Cyber-Warrior Members
---------------------------------------------------------------------------------------


*Acılarımı dinliyorum sessiz sedasız.. Meğer ne çığlıklar atıyormuş..
Kaybettiklerimi düşünüyorum zaman zaman.. Meğer ne çok zamanımı almış...
Geçen zamanı düşünüyorum sonra acele etmeden usul usul..
Meğer o geçerken nasılda acele etmiş akmış gitmiş..
Aynaya bakıyorum Bedenim genç ama ruhum yaşlanmış... *
----------------------------------------------------------------------------------------

Bug ;
target/path/webseite/login.php

User : '
Passwort : '