Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities

2006-05-30 / 2006-05-31
Credit: ajannhwt hotmail com
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2006-2674
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

ENGLISH # Title : Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities # Author : ajann # Exploit; SQL INJECT&#304;ON-------------------------------------------------------- ###http://[target]/[path]/show_forum.asp?frm_id=55'SQL TEXT ###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL TEXT ###http://[target]/[path]/admin/index.asp Email address: SQL TEXT Password: SQLTEXT ###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL TEXT ###post_message.asp Message Subject: SQL TEXT Message Text: SQL TEXT . .. ..... # ajann,Turkey TURKISH # Basl&#305;k : Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities # A&#305;&#287;&#305; Bulan : ajann # A&#305;k bulunan dosyalar; ###http://[target]/[path]/show_forum.asp?frm_id=55'SQL SORGUNUZ ###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL SORGUNUZ ###http://[target]/[path]/admin/index.asp Email address: SORGUNUZ Password: SORGUNUZ ###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL SORGUNUZ ###post_message.asp Message Subject: SORGUNUZ Message Text: SORGUNUZ . .. ..... Ac&#305;klama: K&#305;sacas&#305; btn dosyalarda : ) bulunan filtrelem eksikli&#287;i nedeniyle dbden bilgi cekilebilmektedir. # ajann,Turkiye


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top