Intext dating inurl php id
Remote attackers are able to execute SQL commands by injecting malicious statements via a GET method request. The vulnerability is located on the application-side and the request method to inject/execute is GET.

Request Method(s):
[ ] GET

Vulnerable File(s):
[ ] [ ] [ ] [ ] [ ] [ ] [ ]

Vulnerable Parameter(s):
[ ] id

Proof of Concept (PoC):
=======================
The SQL injection web vulnerability can be exploited by remote attackers without a privileged web-application user account or user interaction.
Vulnerability Disclosure Timeline:
==================================
2016-03-30: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
UCATEC
Product: Cades - Online Service (Web-Application) 2016 Q1

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
A remote SQL injection web vulnerability has been discovered in the Cades online service web-application (2016-Q1).
Exploitation of the remote SQL injection web vulnerability requires no user interaction or privileged web-application user accounts.
Successful exploitation of the remote SQL injection results in database management system, web-server and web-application compromise.

Copyright © 2016 | Vulnerability Laboratory - [Evolution Security GmbH]
The vulnerability is a classic ORDER BY SQL injection in the `id` value.
The security risk of the SQL injection vulnerability is rated high, with a CVSS (Common Vulnerability Scoring System) score of 7.5.
The vulnerability allows remote attackers to execute their own SQL commands to compromise the web-application or the connected DBMS.