Traidnt UP (view.php) SQL Injection Vulnerability

vendor:

Traidnt UP

by:

ScOrPiOn

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Traidnt UP

Affected Version From: 2

Affected Version To: 2

Patch Exists: NO

Related CWE: N/A

CPE: a:traidnt:traidnt_up:2.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2011

Traidnt UP (view.php) SQL Injection Vulnerability

Traidnt UP version 2.0 is vulnerable to SQL injection. An attacker can inject malicious SQL queries via the 'file' parameter in the 'view.php' script. This can be exploited to bypass authentication and gain access to the application and the underlying database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Sanitize all user-supplied input to prevent malicious SQL code from being executed.

Source

Exploit-DB raw data:

###################################################
# |Title           : Traidnt UP (view.php) SQL Injection Vulnerability
# | Software        : Traidnt UP
# | Version        : 2.0
# | Date            : 09 / 05 / 2011
# | Author          : ScOrPiOn
# | Contact         : nemesis_kingofthekilling@hotmail.com
# | Google Dork     : "Powered by Traidnt UP Version 2.0"
# | Vendor          : http://www.traidnt.net/vb/showthread.php?t=725777
##################################################
# | Exploit :
# | http://www.localhost.com//view.php?file=SQL
##################################################
# | Greetz :
# | Dr.Dmar , Joker_1 , Crazy_Dad , Azam , All My Msn Messenger Friends
##################################################
Demo :
http://up.lll1.com//view.php?file=eaf47f8b92%27
http://www.kll5.net//view.php?file=fc99545574%27
##################################################
magic_quotes_gpc :: Off
##################################################
I Love You .... (K)
##################################################