header-logo
Suggest Exploit
vendor:
eFlower
by:
Don Tukulesto
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: eFlower
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Sunbyte e-Flower SQL Injection Vulnerability

Sunbyte eFlower is an e-commerce system that helps your florist shop takes order through Internet. An attacker can exploit a SQL injection vulnerability in the 'index.php' script by supplying a specially crafted 'id' parameter value. This can allow an attacker to execute arbitrary SQL commands on the underlying database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

/**************************************************************************

[!] Sunbyte e-Flower SQL Injection Vulneralbility
[!] Author      : Don Tukulesto (root@indonesiancoder.com)
[!] Homepage    : http://www.indonesiancoder.com
[!] Date        : December 28, 2009
[!] Tune In     : http://antisecradio.fm (choose your weapon)

**************************************************************************/

[ Software Information ]

[+] Vendor : http://www.sunbyte.net/
[+] Download : http://store.esellerate.net/s.aspx?s=STR932252155
[+] Version() : -
[+] Price : $150
[+] Overview : Sunbyte eFlower is an e-commerce system that helps your florist shop takes order through Internet.
[+] Method : SQL Injection
[+] Dork : Nothing else Matter

===========================================================================

[ Got Error ]

http://server/eFlower/index.php?s=cat&m=o&id=[IndonesianCoder-2009]

===========================================================================