Suggest Exploit
Vendor: Zigaform PHP Form Builder Contact & Survey
By: Ihsan Sencan
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Zigaform PHP Form Builder Contact & Survey
Affected Version From: 2.9.1
Affected Version To: 2.9.1
Patch Exists: NO
Related CWE: N/A
CPE: a:zigaform:zigaform_php_form_builder_contact_&_survey
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017

Zigaform – PHP Form Builder – Contact & Survey v2.9.1 – SQL Injection

An attacker can exploit a SQL injection vulnerability in Zigaform - PHP Form Builder - Contact & Survey v2.9.1 by supplying a crafted value in a URL parameter of the vulnerable application. The injected SQL is passed to the database unchanged and can be used to extract sensitive information from it.

Mitigation:

Developers should always use parameterized queries, also known as prepared statements, when interacting with the database. With a prepared statement the query text and the user-supplied values are sent to the database separately, so input is treated as data rather than as SQL syntax and an attacker cannot inject SQL into the query.
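As an added illustration (this is not Zigaform's code; the handler, table and column names are hypothetical), the unsafe concatenation pattern beside its parameterized replacement, written in PHP with PDO. The hardened version also validates that the parameter is an integer before any query is built, which goes one step beyond the paragraph above:

```php
<?php
// Added illustration, not Zigaform's code: a hypothetical form-view handler
// showing the unsafe pattern the advisory describes, beside a hardened version.

// Vulnerable pattern: the request parameter is concatenated into the SQL text,
// so whatever the client sends in ?form= becomes part of the statement.
function loadFormUnsafe(PDO $db, array $query): ?array
{
    $sql = "SELECT id, title FROM forms WHERE id = " . $query['form'];
    $stmt = $db->query($sql);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Hardened pattern: validate the type, then bind the value as a parameter.
function loadFormSafe(PDO $db, array $query): ?array
{
    // Form ids are integers; reject anything else before touching the database.
    $id = filter_var($query['form'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // caller should respond with 400 Bad Request
    }
    // The statement text is fixed; the id travels separately as a bound value.
    $stmt = $db->prepare("SELECT id, title FROM forms WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Constructed in-memory database so the snippet runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE forms (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO forms VALUES (1, 'Contact'), (2, 'Survey')");

// Constructed tampered input standing in for the [SQL] placeholder in the advisory.
$tampered = ['form' => '1 OR 1=1'];

var_dump(loadFormUnsafe($db, $tampered)); // the WHERE clause was rewritten by the input
var_dump(loadFormSafe($db, $tampered));   // NULL: input rejected before any query is built
```

Binding with `PDO::PARAM_INT` is what keeps the database from ever seeing the input as SQL; the `filter_var` check in front of it is defence in depth that also gives the application a clean place to log and reject malformed requests.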
Source

Exploit-DB raw data:

# # # # # 
# Exploit Title: Zigaform - PHP Form Builder - Contact & Survey v2.9.1 - SQL Injection
# Google Dork: N/A
# Date: 10.02.2017
# Vendor Homepage: http://php-form-builder.zigaform.com/
# Software Buy: https://codecanyon.net/item/zigaform-php-form-builder-contact-survey/14889427
# Demo: http://demo-phpformbuilder.zigaform.com/index.php
# Version: 2.9.1
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/formbuilder/frontend/viewform/?form=[SQL]
# Etc...
# # # # #