Beat Websites – ‘id’ SQL Injection

Exploit Database
16 阅读

作者： Metropolis

日期： 2012-11-24
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/38061/

source: https://www.securityfocus.com/bid/56683/info

Beat Websites is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Beat Websites 1.0 is vulnerable; other versions may also be affected. 

http://www.example.com/page_detail.php?id=1 and 1=1

http://www.example.com/page_detail.php?id=1 and 1=2

last Exploits
Beat Websites – ‘id’ SQL Injection的更多信息

Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.6 – SQL Injection：
Itech Travel Portal Script 9.33 – SQL Injection：
NfSen < 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection：
WordPress Plugin Content Timeline – SQL Injection：
Oracle WebCenter Sites 11.1.1.8.0/12.2.1.x – Cross-Site Scripting：
PsychoStats 3.2.2b – ‘awards.php’ Blind SQL Injection：
Python CGIHTTPServer – Encoded Directory Traversal：
PHPscripte24 Preisschlacht Liveshop System – ‘index.php?aid’ SQL Injection：