Vendor: Snitz Forum v1.0
By: Emiliano Febbi
CVSS: 7.5 (HIGH)
Vulnerability Type: Blind SQL Injection
CWE: 89
Product Name: Snitz Forum v1.0
Affected Version From: ALL VERSION
Affected Version To: ALL VERSION
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows 10
2023
Snitz Forum v1.0 – Blind SQL Injection
Snitz Forum v1.0 contains a vulnerability that allows an attacker to perform a Blind SQL Injection attack. It can be exploited by sending a specially crafted HTTP request to the vulnerable application, which can result in the attacker gaining access to sensitive information from the database.
Mitigation:
Input validation should be used to prevent SQL injection attacks. Additionally, the application should be configured to connect to the database using the least-privileged account.