Spaceacre Multiple SQL Injection Vulnerability

vendor:

N/A

by:

Wiro Sablenk aka Gendenk

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Spaceacre Multiple SQL Injection Vulnerability

Spaceacre is vulnerable to multiple SQL injection vulnerabilities. An attacker can inject malicious SQL queries via the 'catID' parameter in the following URLs: http://[target]/cat1.php?catID=[SQL], http://[target]/cat2.php?catID=[SQL], http://[target]/cat3.php?catID=[SQL], http://[target]/cat4.php?catID=[SQL], http://[target]/cat5.php?catID=[SQL], http://[target]/cat6.php?catID=[SQL].

Mitigation:

Input validation and sanitization should be implemented to prevent SQL injection attacks.

Source

Exploit-DB raw data:

#Spaceacre Multiple SQL Injection Vulnerability
#by Wiro Sablenk aka Gendenk
#vendor :http://www.spaceacre.com/
#dork: "Designed by Spaceacre"
#poc: 

#####################################################
http://[target]/cat1.php?catID=[SQL]
http://[target]/cat2.php?catID=[SQL]
http://[target]/cat3.php?catID=[SQL]
http://[target]/cat4.php?catID=[SQL]
http://[target]/cat5.php?catID=[SQL]
http://[target]/cat6.php?catID=[SQL]


Life is challanging, the fear of challanges, causing you for backwardness..Facing for the bright future..

#Thanks to : cyberlog, cr4wl3r and MAMA Sri Rahayu [ istri cyberlog ] Semoga Cepet Lekas Sembuh

Manadocoding,Sekuritionline,Jatimcrew
#####################################################