

Sql Injection !!




Posted by shahzaibcw, 02-17-2015, 02:51 AM
During scanning of my application with Acunetix I have found an SQL injection vulnerability. Following is the URL and the error against it:

URL: http://192.168.1.30/videos.php?cat=a..._recent&time=1'

Error: INSERT INTO mp.mp_counters (section,query,query_md5,counts,date_added) VALUES ('video','{"category":"","date_span":"1'","0":"sub_cats"}','13b515990362a5b5e5f9bf7d4e124e4c','0','1424115176') You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0":"sub_cats"}','13b515990362a5b5e5f9bf7d4e124e4c','0','1424115176')' at line 1

Could you please let us know if this vulnerability can compromise the whole system? If yes, how can I compromise my system? Also, I came to know that I can even get the /etc/passwd file by exploiting this flaw. I am a newbie to pen-testing and need to exploit this vulnerability to patch against it. Thanks.

Last edited by shahzaibcw; 02-17-2015 at 02:56 AM.
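The error above shows the root cause: the `time` parameter is JSON-encoded into the `query` column and then concatenated straight into the INSERT string, so a single quote in the input terminates the SQL literal. The following is an added example (not code from the original post or from the application it describes) that reproduces that failure mode and shows the fix, a parameterised INSERT. It uses Python and SQLite so it runs stand-alone; the application in the thread is PHP/MySQL, where the same fix is a PDO or mysqli prepared statement. The table and column names, the `'video'`, `'0'` and `'1424115176'` values, and the JSON shape are taken from the posted error; the schema itself is constructed for the demo.

```python
import hashlib
import json
import sqlite3

# Constructed stand-alone schema using the column names from the posted error
# (the real table is mp.mp_counters in MySQL; SQLite has no schema prefix).
SCHEMA = """
CREATE TABLE mp_counters (
    section    TEXT,
    query      TEXT,
    query_md5  TEXT,
    counts     INTEGER,
    date_added INTEGER
)
"""

# Constants seen in the posted statement.
SECTION = "video"
DATE_ADDED = 1424115176


def build_query_blob(category: str, date_span: str) -> str:
    """Same JSON shape as in the error message; user input is embedded verbatim
    (JSON does not escape single quotes, so they survive into the SQL string)."""
    return json.dumps({"category": category, "date_span": date_span, "0": "sub_cats"})


def insert_counter_vulnerable(conn: sqlite3.Connection, category: str, date_span: str) -> None:
    """Builds the INSERT by string concatenation, as the posted error implies.
    A single quote inside date_span closes the 'query' literal early and the
    remainder of the JSON becomes SQL syntax, giving the error in the post."""
    blob = build_query_blob(category, date_span)
    md5 = hashlib.md5(blob.encode()).hexdigest()
    sql = (
        "INSERT INTO mp_counters (section,query,query_md5,counts,date_added) "
        f"VALUES ('{SECTION}','{blob}','{md5}','0','{DATE_ADDED}')"
    )
    conn.execute(sql)


def insert_counter_fixed(conn: sqlite3.Connection, category: str, date_span: str) -> None:
    """Same INSERT with bound parameters: the JSON blob is passed as data, never
    parsed as SQL, so quotes in the input cannot change the statement."""
    blob = build_query_blob(category, date_span)
    md5 = hashlib.md5(blob.encode()).hexdigest()
    conn.execute(
        "INSERT INTO mp_counters (section,query,query_md5,counts,date_added) "
        "VALUES (?,?,?,?,?)",
        (SECTION, blob, md5, 0, DATE_ADDED),
    )


def demo(date_span: str = "1'") -> dict:
    """Runs both variants against an in-memory database with the scanner's
    input (time=1') and reports what happened to each."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    results = {}

    try:
        insert_counter_vulnerable(conn, "", date_span)
        results["vulnerable"] = "inserted"
    except sqlite3.Error:
        # The concatenated statement is malformed, mirroring the MySQL error.
        results["vulnerable"] = "syntax error"

    insert_counter_fixed(conn, "", date_span)
    row = conn.execute("SELECT query FROM mp_counters").fetchone()
    # The stored JSON round-trips and still contains the literal quote.
    results["fixed_rows"] = conn.execute("SELECT COUNT(*) FROM mp_counters").fetchone()[0]
    results["fixed_date_span"] = json.loads(row[0])["date_span"]
    return results


if __name__ == "__main__":
    print(demo())
```

Note that the scanner's probe only proves the input reaches the parser unescaped; the right response is the parameterised form in `insert_counter_fixed`, applied to every query that touches request data, plus logging of SQL errors so a broken statement like this one is noticed before a scanner finds it.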

Posted by helix247, 02-17-2015, 12:19 PM
I don't think anyone will tell you how to exploit a vulnerability. Even though you have discovered it, it may take some work to create a workable method to take advantage of it. You may be able to ask the team over at rack911 for assistance. It would likely be something you will pay for, which may be worth it to you if this is a production or for profit venture.

Posted by SSD-Greg, 02-19-2015, 04:03 AM
I suggest you hire a server administration team or person. They can sort this out for you. If not done correctly, other vulnerabilities can be made / opened up. Someone who is a pro would be able to easily troubleshoot this and tell you all that you need. Of course it isn't going to be free, but it may be worth the while and the amount it costs to fix that.

Posted by shahzaibcw, 02-19-2015, 04:46 AM
It's an application flaw, and the developer can patch it instead of the server admin.


