header-logo
Suggest Exploit
vendor:
Uploadr
by:
Ihsan Sencan
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Uploadr
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: a:lagunaproperty:uploadr
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017

Uploadr – Project Files Management – SQL Injection

SQL Injection vulnerability exists in Uploadr - Project Files Management, which allows an attacker to inject malicious SQL queries via the 'keyword' and 'file' parameters in the 'search' and 'download' scripts. Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# # # # # 
# Exploit Title: Uploadr - Project Files Management - SQL Injection
# Google Dork: N/A
# Date: 10.02.2017
# Vendor Homepage: http://lagunaproperty.com/
# Software Buy: https://codecanyon.net/item/uploadr-project-files-management/13545125
# Demo: http://download.lagunaproperty.com/
# Version: N/A
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/search?keyword=[SQL]
# http://localhost/[PATH]/download?file=[SQL]
# # # # #

Navigation

Suggest Exploit

Services By CQR