Suggest Exploit
Vendor: Zylone IT
By: Callo
CVSS: 8.8 (HIGH)
Type: Blind SQL Injection
CWE: 89
Product Name: Zylone IT
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: php
2010

Zylone IT Multiple Blind SQL Injection Vulnerability

This vulnerability allows an attacker to inject SQL into queries built by the vulnerable application. Because the injection is blind, query results are not returned directly in the page; the attacker instead infers database contents, such as usernames and passwords, from differences in the application's responses. The vulnerability exists because user-supplied data (the news_id, cat_id, sec_id and page_id parameters listed in the advisory below) is used in SQL queries without sufficient input validation. An attacker can exploit it by sending a specially crafted HTTP request containing SQL to the vulnerable application.

Mitigation:

User-supplied data must be validated before it is used in SQL queries; each of the affected parameters (news_id, cat_id, sec_id, page_id) is an identifier, so it should be accepted only as an integer and rejected otherwise. Beyond that, SQL queries should be built with parameterized (prepared) statements so that request data is bound as a value and can never be interpreted as SQL syntax.
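The following is an added example, not code from the Zylone IT product (whose source is not shown on this page) nor from the advisory author. It shows the pattern that produces this class of bug in a PHP page taking a numeric id from the query string, beside the hardened form that validates the id as an integer and binds it through a PDO prepared statement. The table and column names, the use of SQLite for an offline run, and the `pdo_sqlite` extension being available are all assumptions.

```php
<?php
// Added example (not the product's code): vulnerable vs. hardened handling of a
// numeric id parameter such as news_id. Table/column names are assumed.
declare(strict_types=1);

// Vulnerable pattern: the request value is spliced into the SQL text, so the
// database sees whatever the client put in the parameter as part of the query.
function fetchNewsUnsafe(PDO $db, string $newsIdFromRequest): array
{
    $sql = "SELECT id, title, body FROM news WHERE id = " . $newsIdFromRequest;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: reject anything that is not a positive integer before any SQL
// is built, then bind the value as a typed parameter so it is never parsed as
// SQL syntax. Both layers apply to news_id, cat_id, sec_id and page_id alike.
function fetchNewsSafe(PDO $db, string $newsIdFromRequest): array
{
    $newsId = filter_var($newsIdFromRequest, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($newsId === false) {
        // In a web handler this would become an HTTP 400 response.
        throw new InvalidArgumentException('news_id must be a positive integer');
    }

    $stmt = $db->prepare('SELECT id, title, body FROM news WHERE id = :id');
    $stmt->bindValue(':id', $newsId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Offline demonstration with an in-memory SQLite database (constructed data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Let the driver do the binding rather than PHP-side string emulation.
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO news VALUES (1, 'Welcome', 'First post'), (2, 'Update', 'Second post')");

// A well-formed request is served normally.
$rows = fetchNewsSafe($db, '1');
echo "rows for news_id=1: " . count($rows) . "\n";

// A non-integer value never reaches the database.
try {
    fetchNewsSafe($db, '1 abc');
} catch (InvalidArgumentException $e) {
    echo "rejected: " . $e->getMessage() . "\n";
}
```

The integer check alone would already stop this particular bug for id parameters, but the prepared statement is what protects the query when a parameter later becomes free text; keeping both means a change to one does not silently reopen the hole.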

Exploit-DB raw data:

# Exploit Title: Zylone IT Multiple Blind SQL Injection Vulnerability
# Date: 2010-07-08
# Author: Callo
# Software Link: http://www.zylone.com/
# Version: Unknown
# Tested on: php

10101010101010101010101010101010101010101010101010101010101010101010101010101010
0                                                                              1
1 ~# Title: Zylone IT Multiple Blind SQL Injection Vulnerability               0
0                                                                              1
10101010101010101010101010101010101010101010101010101010101010101010101010101010
0                                                                              1
1 ~# Date: 2010-07-07                                                          0
0                                                                              1
10101010101010101010101010101010101010101010101010101010101010101010101010101010
0                                                                              1
1 ~# Author: Callo                                                             0
0 ~# Home: www.gsk2.org                                                        1
1                                                                              0
01010101010101010101010101010101010101010101010101010101010101010101010101010101
1                                                                              0
0 ~# Software Link: http://www.zylone.com/                                     1
1 ~# Version: Unknown                                                          0
0 ~# Tested on: php                                                            1
1 ~# Dork: Powered by Zylone IT                                                0
0          Powered By: Zylone IT                                               1
1                                                                              0
01010101010101010101010101010101010101010101010101010101010101010101010101010101
1                                                                              0
0 ~# Exploit: http://localhost/[PATH]/news_details.php?news_id=[BLIND SQLi]    1
1             http://localhost/[PATH]/news.php?cat_id=[BLIND SQLi]             0
0             http://localhost/[PATH]/news_details.php?sec_id=[BLIND SQLi]     1
1             http://localhost/[PATH]/home.php?page_id=[BLIND SQLi]            0
0             http://localhost/[PATH]/events.php?cat_id=[BLIND SQLi]           1
1             http://localhost/[PATH]/policy.php?sec_id=[BLIND SQLi]           0
0                                                                              1
01010101010101010101010101010101010101010101010101010101010101010101010101010101
1                                                                              0
0 ~# Greetz: Whivack                                                           1
1                                                                              0
01010101010101010101010101010101010101010101010101010101010101010101010101010101