Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

Published: 2006.05.31
Credit: ajannhwt hotmail com
Risk: Medium
CWE: CWE-89
CVE: CVE-2006-2674
Local: No
Remote: Yes

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

ENGLISH

# Title : Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

# Author : ajann

# Exploit;

SQL INJECTION--------------------------------------------------------

###http://[target]/[path]/show_forum.asp?frm_id=55'SQL TEXT

###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL TEXT

###http://[target]/[path]/admin/index.asp

Email address: SQL TEXT

Password: SQLTEXT

###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL TEXT

###post_message.asp

Message Subject: SQL TEXT

Message Text: SQL TEXT

.

..

.....

# ajann,Turkey

TURKISH

# Title : Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

# Discovered by : ajann

# Vulnerable files;

###http://[target]/[path]/show_forum.asp?frm_id=55'YOUR SQL QUERY

###http://[target]/[path]/forum_search.asp SEARCH FOR:YOUR SQL QUERY

###http://[target]/[path]/admin/index.asp

Email address: YOUR QUERY

Password: YOUR QUERY

###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 YOUR SQL QUERY

###post_message.asp

Message Subject: YOUR QUERY

Message Text: YOUR QUERY

.

..

.....

Explanation:

In short, because of the missing filtering found in all of the files : ), information can be pulled from the database.

# ajann,Turkiye
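
A defender-side check for the entry points listed above, added here as an example and not part of the original advisory: it scans IIS W3C extended log lines for `frm_id` and `frm_cat_id` values that are not plain integers, and counts POSTs to the form-based pages whose bodies the log does not record. The log layout, the sample lines, the function name `audit` and the assumption that both parameters are integer IDs are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl

# Pages and ID parameters named in the advisory (assumed to be integer IDs).
NUMERIC_PARAMS = {"show_forum.asp": "frm_id", "browse_forum_cat.asp": "frm_cat_id"}
# Pages the advisory reaches through form fields; W3C logs do not record
# request bodies, so POSTs to these pages can only be counted per client.
FORM_PAGES = ("forum_search.asp", "admin/index.asp", "post_message.asp")

# Constructed sample log (documentation IP addresses, harmless marker values).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-01 10:00:01 192.0.2.10 GET /forum/show_forum.asp frm_id=55 200
2024-01-01 10:00:07 192.0.2.77 GET /forum/show_forum.asp frm_id=55'+x 500
2024-01-01 10:00:09 192.0.2.77 GET /forum/browse_forum_cat.asp frm_cat_id=1%20x 500
2024-01-01 10:00:12 192.0.2.77 POST /forum/admin/index.asp - 200
""".splitlines()

def audit(log_lines):
    """Return (findings, post_counts) for W3C extended log lines."""
    fields, findings, posts = [], [], {}
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the records that follow
            continue
        if line.startswith("#") or not line.strip():
            continue
        rec = dict(zip(fields, line.split()))
        stem = rec.get("cs-uri-stem", "").lower()
        query = rec.get("cs-uri-query", "-")
        pairs = parse_qsl("" if query == "-" else query, keep_blank_values=True)
        for page, param in NUMERIC_PARAMS.items():
            if stem.endswith("/" + page):
                for key, value in pairs:
                    # Anything other than 1-10 digits is not a plain integer ID.
                    if key.lower() == param and not re.fullmatch(r"[0-9]{1,10}", value):
                        findings.append((rec.get("c-ip"), page, param, value))
        for page in FORM_PAGES:
            if stem.endswith("/" + page) and rec.get("cs-method") == "POST":
                key = (rec.get("c-ip"), page)
                posts[key] = posts.get(key, 0) + 1
    return findings, posts

if __name__ == "__main__":
    hits, post_counts = audit(SAMPLE_LOG)
    for hit in hits:
        print("non-numeric ID:", hit)
    print("POSTs to form pages:", post_counts)
```

The same integer check applied server-side before the query is built, together with parameterized queries for the form fields, addresses the missing filtering the advisory describes.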

Copyright 2014, cxsecurity.com