Vendor: TV - Video Subscription
By: Ihsan Sencan
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: TV - Video Subscription
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: a:codepaul:tv_-_video_subscription
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017

TV – Video Subscription – SQL Injection

The vulnerability exists due to insufficient filtering of user-supplied data in the 'keyword' parameter of the 'search' script. A remote attacker can send a specially crafted request containing malicious SQL statements to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to manipulate SQL queries to view, add, modify and delete records in the back-end database.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability.
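
The following added example (not code from the product or from the advisory author) contrasts a search handler that concatenates the keyword into the SQL text with one that validates it and passes it as a bound parameter. The table name, column name, length limit and the use of Python with SQLite are assumptions made for illustration; the sample rows are constructed.

```python
import sqlite3

MAX_KEYWORD_LEN = 64  # assumed limit for a search box, not taken from the product

def make_db():
    """Constructed sample catalogue standing in for the application's video table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE videos (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO videos (title) VALUES (?)",
                   [("Conan O'Brien Live",), ("100% Cotton",),
                    ("1000 Ways",), ("Nature Walk",)])
    return db

def search_unsafe(db, keyword):
    """Pattern described in the advisory: the keyword becomes part of the SQL text."""
    sql = "SELECT title FROM videos WHERE title LIKE '%" + keyword + "%'"
    return [row[0] for row in db.execute(sql)]

def search_safe(db, keyword):
    """Validate the keyword, then hand it to the driver as a bound parameter."""
    if not isinstance(keyword, str) or not 0 < len(keyword) <= MAX_KEYWORD_LEN:
        raise ValueError("keyword must be 1..%d characters" % MAX_KEYWORD_LEN)
    # Escape LIKE wildcards so % and _ typed by the user match literally.
    escaped = (keyword.replace("\\", "\\\\")
                      .replace("%", "\\%")
                      .replace("_", "\\_"))
    sql = "SELECT title FROM videos WHERE title LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in db.execute(sql, ("%" + escaped + "%",))]

def unsafe_parses_input_as_sql(db, keyword):
    """True when the concatenated query breaks, i.e. the keyword reached the SQL parser."""
    try:
        search_unsafe(db, keyword)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    print(unsafe_parses_input_as_sql(db, "O'Brien"))  # quote ends the string literal early
    print(search_safe(db, "O'Brien"))                 # quote is treated as data
    print(search_safe(db, "100%"))                    # % is matched literally
```

A legitimate title containing an apostrophe is enough to show the difference: the concatenated query fails to parse, while the bound parameter is matched as plain text.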

Exploit-DB raw data:

# # # # # 
# Exploit Title: TV - Video Subscription - SQL Injection
# Google Dork: N/A
# Date: 10.02.2017
# Vendor Homepage: http://codepaul.com/
# Software Buy: https://codecanyon.net/item/tv-video-subscription/13966427
# Demo: http://codepaul.com/tv/
# Version: N/A
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/search?keyword=[SQL]
# # # # #