Vendor: N/A
By: tempe_mendoan
CVSS: 7.5 HIGH
CWE: 89 (SQL Injection)
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A

Site by Redlab Multiple Vulnerabilities

The vulnerability exists due to insufficient filtering of user-supplied input in multiple parameters of multiple scripts. A remote attacker can send a specially crafted request to a vulnerable script and execute arbitrary SQL commands in the application's database. This can allow the attacker to steal or modify sensitive data, exploit vulnerable versions of SQL Server, bypass authentication, gain access to the administrator's account, and so on.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All input data should be carefully verified before it is passed to the SQL statement.
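One way to apply this mitigation to the parameters named in the advisory's PoC URLs (`id`, `type`, `cid`), as an added example that is not from the advisory or the vendor's code: validate each value against its expected type, then bind it as a query parameter instead of concatenating it. It uses Python with an in-memory SQLite database rather than the site's ASP stack; the `careers` table, its columns, the allowed `type` values and all function names are assumptions.

```python
import sqlite3

# Assumed rules for the parameters named in the PoC URLs: id and cid are
# numeric keys; type comes from a fixed set (hypothetical values).
ALLOWED_TYPES = {"report", "newsletter"}

def parse_int_param(raw, max_value=2**31 - 1):
    """Return raw as a positive int, or raise ValueError."""
    if raw is None or not raw.isascii() or not raw.isdigit():
        raise ValueError("expected a decimal integer")
    value = int(raw)
    if not 1 <= value <= max_value:
        raise ValueError("integer out of range")
    return value

def parse_type_param(raw):
    """Return raw only if it is one of the allowlisted type values."""
    if raw not in ALLOWED_TYPES:
        raise ValueError("unknown type")
    return raw

def make_demo_db():
    """Constructed in-memory stand-in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE careers (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO careers VALUES (?, ?)",
                   [(1, "Designer"), (2, "Developer")])
    return db

def career_detail(db, raw_id):
    """Validate id, then bind it as a parameter; never concatenate it."""
    try:
        career_id = parse_int_param(raw_id)
    except ValueError:
        return None  # a real handler would answer HTTP 400 here
    row = db.execute("SELECT title FROM careers WHERE id = ?",
                     (career_id,)).fetchone()
    return row[0] if row else None

def titles_by_text(db, raw_title):
    """Free-text input cannot be allowlisted, so binding alone carries it."""
    rows = db.execute("SELECT id FROM careers WHERE title = ?", (raw_title,))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_demo_db()
    print(career_detail(db, "2"))              # valid numeric id
    print(career_detail(db, "2 OR 1=1"))       # constructed input, rejected
    print(titles_by_text(db, "x' OR '1'='1"))  # bound as data, matches nothing
```

Validation rejects malformed values early, while parameter binding is what keeps any accepted value from being parsed as SQL, so the two are used together.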

Exploit-DB raw data:

[~] Title                   : Site by Redlab Multiple Vulnerabilities
[~] Vendor or Software Link : http://www.redlab.net/
[~] Author                  : tempe_mendoan
[~] Contact                 : devilzc0de.tempe@gmail.com
[~] Google Dork             : inurl:"gorengan tempe" intext:"Site by Redlab Co., Ltd"

############################################## 
===[ POC ]===
 
[»] http://website/[path]/careers-detail.asp?id=[SQL]

[»] http://website/[path]/publications.asp?type=[SQL]

[»] http://website/[path]/WhatNew.asp?page=&id=[SQL]

[»] http://website/[path]/gallery.asp?cid=[SQL]
##############################################

Greets to:

./ And all my friends

Thanks:

./ kang r3m1ck for the WordPress knowledge
./ mas kaMz and mas Farhatz, thanks, mas :D
./ Kang chaer, who always gives encouragement
./ AdeYonatan, who kept me company breaking the fast with tempe mendoan =))
./ Mas v3n0m, who kept me company on Twitter
./ my Love Dyla, get well soon :*