ARASTAR - SQL Injection Vulnerability

🗓️ 01 Jul 2014 00:00:00Reported by RootType

ARASTAR SQL Injection Vulnerability in All Versions, Content Managemen


                                                +#######+ 
|[o] ID |
+#######+
[+] Title              :  ARASTAR SQL Injection Vulnerability
[+] Affected Version   :  ALL VERSIONS
[+] Software Link      :  http://ara-star.com/art.php?ID=172
[+] Tested on          :  Windows XP SP2 &#60;CHROME + FIREFOX&#62;
[+] Date               :  18/11/2011
[+] Dork               :  inurl:&#39;.co.il/Cat.php?ID=&#39; intext:&#34;POWERED BY ARASTAR&#34;
[+] Category           :  Content Management
[+] Severity           :  High
[+] Author             :  TH3_N3RD
[+] Follow on FB       :  https://www.facebook.com/TH3xN3RD

+############+ 
|[o] EXPLOIT |
+############+
[+] http://[website]/cat.php?ID=[SQLi]
[+] ADMINISTRATION PATH : http://[website]/admin-aps
+#########+ 
|[o] PoC  |
+#########+
[+] It Depends On The Column Count Of The Script Version /.-

+------------+ 
|[o] Greet&#39;z |
+------------+
[+] To : #MY MIND# [&] VERGEIRAS [&] ALL THE MOROCCAN HAX0R&#39;z
@`d0n3\-

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1