The iceberg 'Content Management System' SQL Injection Vulnerability

2010-05-26 / 2010-05-27
Credit: by cyberlog
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


Ogólna skala CVSS: 7.5/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

========================================================== The iceberg 'Content Management System' SQL Injection Vulnerability ========================================================== # The iceberg 'Content Management System' SQL Injection Vulnerability # Homepage : http://www.imagetraders.com.au # Discovered : by cyberlog # Dork : details.php?p_id= # Dork : 'Design & SEO by Image Traders Pty Ltd' # Exploit : http://[target]/details.php?p_id=[SQL Injection] # Thanks : r0073r,adhietslank, k1n9k0ng, cr4wl3r,cah_gemblunkz, jayoes,thesims,setiawan,irvian,EA_Angel,BlueSpy,SoEy,A-technique,Jantap,KiLL SarifJedul,wiro gendeng,Letjen,ridho_bugs,Ryan Kabrutz,Mathewsa.k.a Nyubicrew # My Site : http://sekuritionline.net # Channel : #sekuritionline #special to Mama Sri Rahayu, Member& Staff Sekuritonline, C0li a.k.a antisecurity [ pinjem script perl-na ] :), Inj3ct0r Now Brothers with Sekuritionline ============================================== We never die !!!! indonesian Underground Community !!!!! anjing buat oknum Pemerintah yang suka nilep uang rakyat !!! KacrUt I L0v3 U :P Give me NOCAN Brothers :P am nt hacker just Lik3 Syst3m S3curity

Referencje:

http://xforce.iss.net/xforce/xfdb/58617
http://www.vupen.com/english/advisories/2010/1161
http://www.osvdb.org/64694
http://www.exploit-db.com/exploits/12620
http://secunia.com/advisories/39833
http://packetstormsecurity.org/1005-exploits/iceberg-sql.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top