vendor:
Shout! Script
by:
Zero Cold
5.5
CVSS
MEDIUM
Blind Sql Injection
89
CWE
Product Name: Shout! Script
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Shout! (content.php) Blind Sql Injection Vulnerability
This vulnerability allows an attacker to perform Blind Sql Injection on the Shout! Script. By modifying the 'id' parameter in the content.php URL, the attacker can execute arbitrary SQL queries and retrieve sensitive information from the database. The exploit examples provided demonstrate how to determine the version of the database server by leveraging the boolean-based blind SQL injection technique.
Mitigation:
To mitigate this vulnerability, the vendor should implement proper input validation and parameterization techniques to prevent SQL injection attacks. Users are advised to update to the latest version of the Shout! Script.