Vendor: T-Dreams Cars Ads Package
By: R4dc0re
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: T-Dreams Cars Ads Package
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: NO
Related CWE: N/A
CPE: a:t-dreams:t-dreams_cars_ads_package
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

T-Dreams Cars Ads Package SQL injection Vulnerability

T-Dreams Cars Ads Package is vulnerable to SQL injection through the 'key' parameter of the 'processview.asp' script. An attacker can manipulate the application's SQL queries by injecting arbitrary SQL code through this parameter.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Sanitize all user-supplied input to prevent malicious code from being executed.
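
One way to apply this mitigation in a classic ASP page that reads 'key' from the query string, shown as an added example that is not the vendor's code. It assumes 'key' is a numeric ad ID; the table and column names (Ads, AdID, Title) and the database path are hypothetical placeholders.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example: hardened handling of the "key" query parameter.
' Assumptions (not taken from the product's source): "key" is a numeric
' ad ID, the table is Ads(AdID, Title), and the Access database sits at
' the placeholder path used below.

Const adInteger = 3        ' ADO DataTypeEnum.adInteger
Const adParamInput = 1     ' ADO ParameterDirectionEnum.adParamInput
Const adCmdText = 1        ' ADO CommandTypeEnum.adCmdText

Dim rawKey, re, adId, conn, cmd, rs

rawKey = Trim(Request.QueryString("key"))

' 1. Allow-list validation: digits only, bounded so CLng cannot overflow.
Set re = New RegExp
re.Pattern = "^[0-9]{1,9}$"
If Not re.Test(rawKey) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid ad identifier."
    Response.End
End If
adId = CLng(rawKey)

' 2. Parameterized query: the value is bound as a typed parameter and is
'    never concatenated into the SQL text.
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & _
          Server.MapPath("/PLACEHOLDER/cars.mdb")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT AdID, Title FROM Ads WHERE AdID = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , adId)

Set rs = cmd.Execute
If rs.EOF Then
    Response.Status = "404 Not Found"
Else
    ' 3. Encode database values before writing them into the page.
    Response.Write Server.HTMLEncode(rs("Title") & "")
End If
rs.Close
conn.Close
%>
```

The bound parameter is what removes the injection path; the allow-list check only rejects malformed requests early and should not be relied on alone.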

Exploit-DB raw data:

# Author: R4dc0re
# Exploit Title: T-Dreams Cars Ads Package SQL injection Vulnerability
# Date: 04-12-2010
# Vendor or Software Link:http://t-dreams.com
# Category:WebApp
#Version:2.0
#Price:31$
#Contact: R4dc0re@yahoo.fr
#Website: www.1337db.com
#Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members 

Submit Your Exploit at Submit@1337db.com

########################################################################################
[Product Detail]

. JPhotos Upload to Database

. Up to 3 images per ad

. Car Makers & Car Models Categories

. Secure Members Area

. Member places many ads

. Web Based Administrating Area

. Easy to register Forms

. Information & Users Privacy

. Easy to merge with existing sites

. MS Access Included

. SQL Upgrading is enabled

. Open Source Code

[Vulnerability]

SQL Injection:

http://server/processview.asp?key=[Code]
########################################################################################