Search...

SmartBox - page_id SQL Injection

2010-11-26T00:00:00

ID EXPLOITPACK:B6753D0D82E4116E498C641350E5F94E
Type exploitpack
Reporter KnocKout
Modified 2010-11-26T00:00:00

Description

SmartBox - page_id SQL Injection

                                        
                                            source: https://www.securityfocus.com/bid/45101/info

SmartBox is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.


A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. 

http://www.example.com/page.php?page_id=14%20and%20substring%28@@version,1,1%29=5

JSON Vulners Source

Initial Source

{"lastseen": "2020-04-01T19:04:48", "references": [], "description": "\nSmartBox - page_id SQL Injection", "edition": 1, "reporter": "KnocKout", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2010-11-26T00:00:00", "title": "SmartBox - page_id SQL Injection", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:04:48", "rev": 2}, "score": {"value": 0.1, "vector": "NONE", "modified": "2020-04-01T19:04:48", "rev": 2}, "vulnersScore": 0.1}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2010-11-26T00:00:00", "id": "EXPLOITPACK:B6753D0D82E4116E498C641350E5F94E", "href": "", "viewCount": 1, "sourceData": "source: https://www.securityfocus.com/bid/45101/info\n\nSmartBox is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.\n\n\nA successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. \n\nhttp://www.example.com/page.php?page_id=14%20and%20substring%28@@version,1,1%29=5", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": []}