Advanced comment system 1.0 sql injection Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2018-11-14 |
Type : webapps |
Platform : php
This exploit / vulnerability Advanced comment system 1.0 sql injection is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: SQL injection in Advanced comment system v1.0
# Date: 29-10-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.plohni.com
# Software Link:
http://www.plohni.com/wb/content/php/download/Advanced_comment_system_1-0.zip,
https://web.archive.org/web/20120214173003/http://www.plohni.com/wb/content/php/download/Advanced_comment_system_1-0.zip
# Version: Advanced comment system v1.0
# Tested on: All
# CVE : CVE-2018-18619
# Category: webapps
1. Description
PHP page internal/advanced_comment_system/admin.php in Advanced Comment
System 1.0 is prone to an SQL injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query,
allowing remote attackers to execute the sqli attack via a URL in the
"page" parameter.
The product is discontinued.